On Tue, Apr 19, 2016 at 02:09:14PM -0400, Stephen Gallagher wrote:
> These patches provide support for shipping a default configuration file that the
> monitor will automatically copy to /etc/sssd/sssd.conf if none already exists.
> The idea is for distributions to be able to provide a default (and resettable)
> configuration for out-of-the-box behavior.
>
> I considered writing the patch to check /etc/sssd and then check /usr/lib*/sssd
> in turn, but I realized that this would be too complicated with the infopipe
> interactions (which would need to be updated to do a copy-on-write the first
> time they changed something). It was simpler to just always create the /etc
> version and use that.
>
>
> Patch 0001: Create a secure copy function that can be used to duplicate the
> default configuration
>
> Patch 0002: Cosmetic patch; changes the name of an internal macro variable to
> make it clear that it's the active configuration file, not the default one.
>
> Patch 0003: Add the logic to confdb_setup.c to copy over the default
> configuration if and only if our attempt to load the configuration came up with
> ERR_MISSING_CONF. It will then try to load it again and proceed or fail from there.
>
> The default configuration provided here is to load the SSSD with a single proxy
> provider that reads from nss_files (and supports authentication through
> pam_unix). This does not have to be shipped with any downstream package; the
> idea is that downstreams would be expected to modify this configuration to their
> own needs. This would need to be called out in the release announcement for
> whatever version of SSSD incorporates this change.

Wow, it took me long to get back to the review :-(
I had to slightly fix the unit test, otherwise it was failing for me. The
follow-up patch is at:
https://github.com/jhrozek/sssd/tree/conf-review
If you agree with squashing the patch into your patchset, I can ACK the
patches.