On Thu, 2017-04-13 at 15:23 +0200, Jakub Hrozek wrote: > On Thu, Apr 13, 2017 at 07:39:48AM -0500, Lesley Kimmel wrote: > > All; > > > > > > I'm using Puppet to configure sssd domains. Generally I am trying to add > > > them via separate files under /etc/sssd/conf.d/. The question I have is how > > > the [sssd]/domains parameter is merged. My guess is that the highest > > > numbered config file under conf.d will take precedence. > > > > > > If that is the case I think my best bet would be to exclude this parameter > > > from all conf.d files and only use the parameter in sssd.conf to control > > > which domains get configured. > > > > > > It would be very useful if the domains parameter could be merged across all > > > conf.d files so one could simply drop a new domain configuration and have > > > it be used. > > > What we we talking about (but it's not implemented yet) is that all > domains with enabled=True flag would be enabled without being listed in > the domains= option. So you'd just drop a file like this: > > [domains/myldap] > id_provider = ldap > ldap_uri = ldap://my.ldap > enabled=True > > Of course we'd need to figure out the ordering..but perhaps just putting > the domain into the enabled domains list when it's first read from the > snippet would work?
If the snippets are read in order (with order specified as "alphabetic or something?), then that could be the order. the problem is that the python configuration API does not preserve ordering of sections, so if you then use this in the main sssd.conf where you have multiple sections and you use the python API to change sssd.conf you may end up with reordered domains ... and that would definitely not be nice. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
