On Thu, Apr 13, 2017 at 09:50:26AM -0400, Simo Sorce wrote: > On Thu, 2017-04-13 at 15:23 +0200, Jakub Hrozek wrote: > > On Thu, Apr 13, 2017 at 07:39:48AM -0500, Lesley Kimmel wrote: > > > All; > > > > > > > > > > I'm using Puppet to configure sssd domains. Generally I am trying to add > > > > > them via separate files under /etc/sssd/conf.d/. The question I have is > > > how > > > > > the [sssd]/domains parameter is merged. My guess is that the highest > > > > > numbered config file under conf.d will take precedence. > > > > > > > > > > If that is the case I think my best bet would be to exclude this parameter > > > > > from all conf.d files and only use the parameter in sssd.conf to control > > > > > which domains get configured. > > > > > > > > > > It would be very useful if the domains parameter could be merged across > > > all > > > > > conf.d files so one could simply drop a new domain configuration and have > > > > > it be used. > > > > > > What we we talking about (but it's not implemented yet) is that all > > domains with enabled=True flag would be enabled without being listed in > > the domains= option. So you'd just drop a file like this: > > > > [domains/myldap] > > id_provider = ldap > > ldap_uri = ldap://my.ldap > > enabled=True > > > > Of course we'd need to figure out the ordering..but perhaps just putting > > the domain into the enabled domains list when it's first read from the > > snippet would work? > > If the snippets are read in order (with order specified as "alphabetic > or something?), then that could be the order.
This is exactly how it's used. > > the problem is that the python configuration API does not preserve > ordering of sections, so if you then use this in the main sssd.conf > where you have multiple sections and you use the python API to change > sssd.conf you may end up with reordered domains ... and that would > definitely not be nice. Hmm, good point, we need to fix that.. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
