On Tue, May 10, 2016 at 09:51:18AM -0400, Stephen Gallagher wrote:
On 05/10/2016 09:45 AM, Jakub Hrozek wrote:
> On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote:
>> These patches provide support for shipping a default configuration file that
>> the monitor will automatically copy to /etc/sssd/sssd.conf if none already exists.
>> The idea is for distributions to be able to provide a default (and resettable)
>> configuration for out-of-the-box behavior.
>>
>> I considered writing the patch to check /etc/sssd and then check /usr/lib*/sssd
>> in turn, but I realized that this would be too complicated with the infopipe
>> interactions (which would need to be updated to do a copy-on-write the first
>> time they changed something). It was simpler to just always create the /etc
>> version and use that.
>>
>> Patch 0001: Create a secure copy function that can be used to duplicate the
>> default configuration
>>
>> Patch 0002: Cosmetic patch; changes the name of an internal macro variable to
>> make it clear that it's the active configuration file, not the default one.
>>
>> Patch 0003: Add the logic to confdb_setup.c to copy over the default
>> configuration if and only if our attempt to load the configuration came up with
>> ERR_MISSING_CONF. It will then try to load it again and proceed or fail from
>>
>> The default configuration provided here is to load the SSSD with a single proxy
>> provider that reads from nss_files (and supports authentication through
>> pam_unix). This does not have to be shipped with any downstream package; the
>> idea is that downstreams would be expected to modify this configuration to
>> own needs. This would need to be called out in the release announcement for
>> whatever version of SSSD incorporates this change.
> Wow, it took me long to get back to the review :-(
> I had to slightly fix the unit test otherwise it was failing for me. The
> follow up patch is at:
> If you agree with squashing the patch into your patchset, I can ACK the
OK, for posterity, attached are the patches (RB: me) that I would like
CI passed as well:
(The failure on debian is in dyndns-tests, which is unrelated)