On Tue, Jun 30, 2015 at 11:28:39PM +0200, Lukas Slebodnik wrote:
- Running sssd in environment where all actions complete successfully
should emit no debug messages. Default log level should be moved to SSSDBG_OP_FAILURE or CRIT_FAILURE. (This basically amounts to checking all OP, FATAL and CRIT failure messages.)
The reason is that sometimes sssd fails, but because logging is totally silent, we don't know what happened at all. Currently we have a couple of small bugs where we might print a loud DEBUG message just because we search for an entry which is not there etc.
This one is not doable in the short term. Please consider the AD provider and the error caused by "replacing" groups after tokengroups. But I agree that in the long term we should do it.
Maybe not all, but we could do a lot here even in short term.
- anything that causes SSSD to fail to start should also emit a syslog
message. Admins don't really know about sssd debug logs.
We just need to enable logging to journald by default
- change debug level. But it requires fixing the previous point.
- our man pages are not structured well, especially the LDAP man page is
too big and contains too many options.
Do you have an idea how to split man pages?
We do not have one long man page. sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5), sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8), sss_rpcidmapd(5).
The main problem is that people needn't know about them and/or they needn't know where to start.
I think most man pages are not that bad, I mostly have an issue with sssd.conf(5) and sssd-ldap(5). Especially sssd-ldap would be much more readable if we grouped the options. At least having a section for user attribute mappings, group attribute mappings, ... would be very helpful.