On (17/04/17 10:41), Jakub Hrozek wrote: >On Thu, Apr 13, 2017 at 09:50:26AM -0400, Simo Sorce wrote: >> On Thu, 2017-04-13 at 15:23 +0200, Jakub Hrozek wrote: >> > On Thu, Apr 13, 2017 at 07:39:48AM -0500, Lesley Kimmel wrote: >> > > All; >> > >> > > >> > >> > > I'm using Puppet to configure sssd domains. Generally I am trying to add >> > >> > > them via separate files under /etc/sssd/conf.d/. The question I have is >> > > how >> > >> > > the [sssd]/domains parameter is merged. My guess is that the highest >> > >> > > numbered config file under conf.d will take precedence. >> > >> > > >> > >> > > If that is the case I think my best bet would be to exclude this >> > > parameter >> > >> > > from all conf.d files and only use the parameter in sssd.conf to control >> > >> > > which domains get configured. >> > >> > > >> > >> > > It would be very useful if the domains parameter could be merged across >> > > all >> > >> > > conf.d files so one could simply drop a new domain configuration and have >> > >> > > it be used. >> > >> > >> > What we we talking about (but it's not implemented yet) is that all >> > domains with enabled=True flag would be enabled without being listed in >> > the domains= option. So you'd just drop a file like this: >> > >> > [domains/myldap] >> > id_provider = ldap >> > ldap_uri = ldap://my.ldap >> > enabled=True >> > >> > Of course we'd need to figure out the ordering..but perhaps just putting >> > the domain into the enabled domains list when it's first read from the >> > snippet would work? >> >> If the snippets are read in order (with order specified as "alphabetic >> or something?), then that could be the order. > >This is exactly how it's used. > >> >> the problem is that the python configuration API does not preserve >> ordering of sections, so if you then use this in the main sssd.conf >> where you have multiple sections and you use the python API to change >> sssd.conf you may end up with reordered domains ... and that would >> definitely not be nice. > >Hmm, good point, we need to fix that.. There is nothing to fix :-). The agreement was that we do not support snippet files in python-sssdconfig.
So it would be RFE to support them :-) LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
