On Tue, Apr 18, 2017 at 10:53:43AM +0200, Lukas Slebodnik wrote:
> On (17/04/17 10:41), Jakub Hrozek wrote:
> >On Thu, Apr 13, 2017 at 09:50:26AM -0400, Simo Sorce wrote:
> >> On Thu, 2017-04-13 at 15:23 +0200, Jakub Hrozek wrote:
> >> > On Thu, Apr 13, 2017 at 07:39:48AM -0500, Lesley Kimmel wrote:
> >> > > All;
> >> > >
> >> > > I'm using Puppet to configure sssd domains. Generally I am trying to add
> >> > > them via separate files under /etc/sssd/conf.d/. The question I have is how
> >> > > the [sssd]/domains parameter is merged. My guess is that the highest
> >> > > numbered config file under conf.d will take precedence.
> >> > >
> >> > > If that is the case I think my best bet would be to exclude this parameter
> >> > > from all conf.d files and only use the parameter in sssd.conf to control
> >> > > which domains get configured.
> >> > >
> >> > > It would be very useful if the domains parameter could be merged across all
> >> > > conf.d files so one could simply drop a new domain configuration and have
> >> > > it be used.
> >> >
> >> > What we were talking about (but it's not implemented yet) is that all
> >> > domains with enabled=True flag would be enabled without being listed in
> >> > the domains= option. So you'd just drop a file like this:
> >> >
> >> > [domains/myldap]
> >> > id_provider = ldap
> >> > ldap_uri = ldap://my.ldap
> >> > enabled=True
> >> >
> >> > Of course we'd need to figure out the ordering..but perhaps just putting
> >> > the domain into the enabled domains list when it's first read from the
> >> > snippet would work?
> >>
> >> If the snippets are read in order (with order specified as "alphabetic
> >> or something?), then that could be the order.
> >
> >This is exactly how it's used.
> >
> >>
> >> the problem is that the python configuration API does not preserve
> >> ordering of sections, so if you then use this in the main sssd.conf
> >> where you have multiple sections and you use the python API to change
> >> sssd.conf you may end up with reordered domains ... and that would
> >> definitely not be nice.
> >
> >Hmm, good point, we need to fix that..
> There is nothing to fix :-).
> The agreement was that we do not support snippet files
> in python-sssdconfig.
>
> So it would be RFE to support them :-)

This is not about the snippet files, but about the main config file. If we
support this:

[sssd]
# no domains= line here

[domain/foo]
enabled=true

[domain/bar]
enabled=true

then it's important that python-sssdconfig doesn't reverse the order of
the [domain/] sections during some update.
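
Added example, not part of the thread and not SSSD or python-sssdconfig code: a sketch of the ordering rule discussed above (a domain joins the enabled list at the position where it is first read, snippets taken in sorted file-name order) plus a check that rewriting the main file keeps the [domain/] sections in order. It assumes the proposed enabled= flag, uses Python's standard configparser as a stand-in for the config API, and the snippet file names and helper names are hypothetical.

```python
import configparser
import io

PREFIX = "domain/"
# Constructed sample input: the main file from the thread plus two made-up snippets.
MAIN = "[sssd]\n# no domains= line here\n[domain/foo]\nenabled = true\n[domain/bar]\nenabled = true\n"
SNIPPETS = {
    "20-ldap.conf": "[domain/myldap]\nid_provider = ldap\nldap_uri = ldap://my.ldap\nenabled = True\n",
    "10-off.conf": "[domain/foo]\nenabled = false\n",
}

def parse(text):
    cp = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cp.read_string(text)
    return cp

def enabled_domains(main_text, snippets):
    """Enabled domain names; later files override the flag, first sighting fixes the position."""
    state = {}  # dict keeps insertion order: domain name -> enabled flag
    for text in [main_text] + [snippets[name] for name in sorted(snippets)]:
        cp = parse(text)
        for section in cp.sections():
            if not section.startswith(PREFIX):
                continue
            name = section[len(PREFIX):]
            state.setdefault(name, False)
            if cp.has_option(section, "enabled"):
                state[name] = cp.getboolean(section, "enabled")
    return [name for name, on in state.items() if on]

def domain_order(text):
    """Domain names in the order their sections appear in one file."""
    return [s[len(PREFIX):] for s in parse(text).sections() if s.startswith(PREFIX)]

def rewrite(text, section, key, value):
    """Set one option and serialise the file again, as a config-editing tool would."""
    cp = parse(text)
    cp.set(section, key, value)
    out = io.StringIO()
    cp.write(out)
    return out.getvalue()

if __name__ == "__main__":
    print(enabled_domains(MAIN, SNIPPETS))
    print(domain_order(rewrite(MAIN, "sssd", "debug_level", "2")) == domain_order(MAIN))
```

The same domain_order comparison can be run before and after any tool edits the main file, to catch a reordering of the sections.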
