On 05/10/2016 09:45 AM, Jakub Hrozek wrote:
> On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote:
>> These patches provide support for shipping a default configuration file that the
>> monitor will automatically copy to /etc/sssd/sssd.conf if none already exists.
>> The idea is for distributions to be able to provide a default (and resettable)
>> configuration for out-of-the-box behavior.
>>
>> I considered writing the patch to check /etc/sssd and then check /usr/lib*/sssd
>> in turn, but I realized that this would be too complicated with the infopipe
>> interactions (which would need to be updated to do a copy-on-write the first
>> time they changed something). It was simpler to just always create the /etc
>> version and use that.
>>
>>
>> Patch 0001: Create a secure copy function that can be used to duplicate the
>> default configuration
>>
>> Patch 0002: Cosmetic patch; changes the name of an internal macro variable to
>> make it clear that it's the active configuration file, not the default one.
>>
>> Patch 0003: Add the logic to confdb_setup.c to copy over the default
>> configuration if and only if our attempt to load the configuration came up with
>> ERR_MISSING_CONF. It will then try to load it again and proceed or fail from there.
>>
>> The default configuration provided here is to load the SSSD with a single proxy
>> provider that reads from nss_files (and supports authentication through
>> pam_unix). This does not have to be shipped with any downstream package; the
>> idea is that downstreams would be expected to modify this configuration to their
>> own needs. This would need to be called out in the release announcement for
>> whatever version of SSSD incorporates this change.
> 
> Wow, it took me long to get back to the review :-(
> 
> I had to slightly fix the unit test otherwise it was failing for me. The
> follow up patch is at:
>     https://github.com/jhrozek/sssd/tree/conf-review
> if you agree with squashing the patch into your patchset, I can ACK the
> patches.
> 

LGTM

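The copy-if-missing step described in the quoted patch summary, sketched as an added example; this is not the code from the SSSD patches. The function names `copy_default_conf` and `ensure_conf` and the 0600 mode are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src to dst only if dst does not exist; returns 0 or an errno value. */
int copy_default_conf(const char *src, const char *dst, mode_t mode)
{
    char buf[4096];
    ssize_t n = 0;
    int ret = 0;
    int in = open(src, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (in < 0) return errno;
    /* O_CREAT|O_EXCL fails with EEXIST instead of overwriting an existing
     * file or following a symlink planted at dst (no check-then-create race). */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, mode);
    if (out < 0) { ret = errno; close(in); return ret; }
    if (fchmod(out, mode) < 0) ret = errno;   /* exact mode, whatever the umask */
    while (ret == 0 && (n = read(in, buf, sizeof(buf))) > 0) {
        for (ssize_t off = 0; off < n; ) {    /* handle short writes */
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0) { ret = errno; break; }
            off += w;
        }
    }
    if (ret == 0 && n < 0) ret = errno;
    if (ret == 0 && fsync(out) < 0) ret = errno;
    close(in);
    if (close(out) < 0 && ret == 0) ret = errno;
    if (ret != 0) unlink(dst);                /* never leave a truncated config */
    return ret;
}

/* Hypothetical caller: install the default only when the active file is missing. */
int ensure_conf(const char *active, const char *dflt)
{
    if (access(active, F_OK) == 0) return 0;  /* existing config is kept as-is */
    int ret = copy_default_conf(dflt, active, 0600);
    return ret == EEXIST ? 0 : ret;           /* created concurrently: also kept */
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s DEFAULT ACTIVE\n", argv[0]); return EXIT_FAILURE; }
    return ensure_conf(argv[2], argv[1]) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```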
