URL: https://github.com/SSSD/sssd/pull/519 Author: justin-stephenson Title: #519: DEBUG: Print simple access provider allow and deny lists Action: opened
PR body: """ Prior to this PR, debug level 9 logs do not print the simple allow and deny user or group lists that are checked against during simple access checks when `access_provider = simple`
These debug statements helped to solve a downstream customer case where `simple_allow_users` was not working as expected, the administrator discovered when they saw the usernames printed in the logs that the `simple_allow_users` list was coming from a **/etc/sssd/conf.d/alternate.conf** file which was overriding what they set in **/etc/sssd/sssd.conf**. """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/519/head:pr519 git checkout pr519
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
centos-ci commented: """ Can one of the admins verify this patch? """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-366542761
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
centos-ci commented: """ Can one of the admins verify this patch? """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-366542762
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
sumit-bose commented: """ ok to test """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-366623797
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
pbrezina commented: """ I think using highest debug level `SSSDBG_TRACE_ALL` would be better so we do not swamp the logs with information easily obtainable from a configuration file. Otherwise its an ack. Thank you Justin. """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-367650206
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
jhrozek commented: """ btw for debugging purposes I wonder if it was also a good idea to read and print the lists in `sssm_simple_access_init`. I think confdb already contains the merged values, so just reading each list with `confdb_get_string` and printing the value would be easy. I guess there the message level could be higher (CONF_SETTINGS?).
I agree that the message with stepping through the list should be less verbose, because I've seen some strange configurations where the admins were even hitting the libini line limit with their ACLs.. """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-367662518
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/519 Author: justin-stephenson Title: #519: DEBUG: Print simple access provider allow and deny lists Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/519/head:pr519 git checkout pr519
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
justin-stephenson commented: """ PR updated with changes suggested, please review. """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-368991183
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
jhrozek commented: """ ACK, CI http://vm-031.$%7BABC%7D/logs/job/86/34/summary.html """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-372449692
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
jhrozek commented: """ I fixed a trivial const warning in the code and pushed the patch to master: e32e17d04c796b37bc3f4cde58106d54ffa2b6d1 """
See the full comment at https://github.com/SSSD/sssd/pull/519#issuecomment-372617221
URL: https://github.com/SSSD/sssd/pull/519 Author: justin-stephenson Title: #519: DEBUG: Print simple access provider allow and deny lists Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/519/head:pr519 git checkout pr519
URL: https://github.com/SSSD/sssd/pull/519 Title: #519: DEBUG: Print simple access provider allow and deny lists
Label: +Pushed
sssd-devel@lists.fedorahosted.org
-
centos-ci -
jhrozek
-
justin-stephenson
-
pbrezina
-
sumit-bose