On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote:
These patches provide support for shipping a default configuration file that the
monitor will automatically copy to /etc/sssd/sssd.conf if none already exists.
The idea is for distributions to be able to provide a default (and resettable)
configuration for out-of-the-box behavior.

I considered writing the patch to check /etc/sssd and then check /usr/lib*/sssd
in turn, but I realized that this would be too complicated with the infopipe
interactions (which would need to be updated to do a copy-on-write the first
time they changed something). It was simpler to just always create the /etc
version and use that.

Patch 0001: Create a secure copy function that can be used to duplicate the

Patch 0002: Cosmetic patch; changes the name of an internal macro variable to
make it clear that it's the active configuration file, not the default one.

Patch 0003: Add the logic to confdb_setup.c to copy over the default
configuration if and only if our attempt to load the configuration came up with
ERR_MISSING_CONF. It will then try to load it again and proceed or fail from there.

The default configuration provided here is to load the SSSD with a single proxy
provider that reads from nss_files (and supports authentication through
pam_unix). This does not have to be shipped with any downstream package; the
idea is that downstreams would be expected to modify this configuration to their
own needs. This would need to be called out in the release announcement for
whatever version of SSSD incorporates this change.

Wow, it took me long to get back to the review :-(
I had to slightly fix the unit test otherwise it was failing for me. The
follow up patch is at:
If you agree with squashing the patch into your patchset, I can ACK the