On (18/04/17 11:01), Jakub Hrozek wrote: >On Tue, Apr 18, 2017 at 10:53:43AM +0200, Lukas Slebodnik wrote: >> On (17/04/17 10:41), Jakub Hrozek wrote: >> >On Thu, Apr 13, 2017 at 09:50:26AM -0400, Simo Sorce wrote: >> >> On Thu, 2017-04-13 at 15:23 +0200, Jakub Hrozek wrote: >> >> > On Thu, Apr 13, 2017 at 07:39:48AM -0500, Lesley Kimmel wrote: >> >> > > All; >> >> > >> >> > > >> >> > >> >> > > I'm using Puppet to configure sssd domains. Generally I am trying to >> >> > > add >> >> > >> >> > > them via separate files under /etc/sssd/conf.d/. The question I have >> >> > > is how >> >> > >> >> > > the [sssd]/domains parameter is merged. My guess is that the highest >> >> > >> >> > > numbered config file under conf.d will take precedence. >> >> > >> >> > > >> >> > >> >> > > If that is the case I think my best bet would be to exclude this >> >> > > parameter >> >> > >> >> > > from all conf.d files and only use the parameter in sssd.conf to >> >> > > control >> >> > >> >> > > which domains get configured. >> >> > >> >> > > >> >> > >> >> > > It would be very useful if the domains parameter could be merged >> >> > > across all >> >> > >> >> > > conf.d files so one could simply drop a new domain configuration and >> >> > > have >> >> > >> >> > > it be used. >> >> > >> >> > >> >> > What we we talking about (but it's not implemented yet) is that all >> >> > domains with enabled=True flag would be enabled without being listed in >> >> > the domains= option. So you'd just drop a file like this: >> >> > >> >> > [domains/myldap] >> >> > id_provider = ldap >> >> > ldap_uri = ldap://my.ldap >> >> > enabled=True >> >> > >> >> > Of course we'd need to figure out the ordering..but perhaps just putting >> >> > the domain into the enabled domains list when it's first read from the >> >> > snippet would work? >> >> >> >> If the snippets are read in order (with order specified as "alphabetic >> >> or something?), then that could be the order. >> > >> >This is exactly how it's used. >> > >> >> >> >> the problem is that the python configuration API does not preserve >> >> ordering of sections, so if you then use this in the main sssd.conf >> >> where you have multiple sections and you use the python API to change >> >> sssd.conf you may end up with reordered domains ... and that would >> >> definitely not be nice. >> > >> >Hmm, good point, we need to fix that.. >> There is nothing to fix :-). >> The agreement was that we do not support snippet files >> in python-sssdconfig. >> >> So it would be RFE to support them :-) > >This is not about the snippet files, but about the main config file. > >If we support this: > >[sssd] ># no domains= line here > >[domain/foo] >enabled=true > >[domain/bar] >enabled=true > >then it's important that python-sssdconfig doesn't reverse the order of >the [domain/] sections during some update. We do not support it yet. So it is not really related to this thread.
But you can add such notes to existing ticket for such feature. If we have one. LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
