[Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it

Alexander Bokovoy abokovoy at redhat.com
Tue Sep 13 12:11:44 UTC 2011


On Thu, 08 Sep 2011, Alexander Bokovoy wrote:

> On Wed, 07 Sep 2011, Stephen Gallagher wrote:
> 
> > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
> > > Hi!
> > > 
> > > When modifying SSSD configuration, attempt to add new domain rather 
> > > than replacing whole configuration file.
> > > 
> > > Only replace file in case it is impossible to parse it by current SSSD 
> > > version.
> > > 
> > > https://fedorahosted.org/freeipa/ticket/1750
> > 
> > Looks good to me. Ack.
> Unfortunately, there is a bug in libini_config that prevents modifying 
> existing sssd configuration as it becomes unreadable by libini_config.
> 
> https://fedorahosted.org/sssd/ticket/991
> 
> I would suggest to postpone this patch until libini_config bug is 
> fixed and released.
After some research it appears there is no issue with libini_config, 
SSSD happily reads configs amended by ipa-client-install, with or 
without empty line between sections.

The issue Marko was seeing in SSSD991 or FreeIPA1174 is unrelated to 
this change. It is an issue of timing -- by time we ask for 'getent 
passwd admin', SSSD might have not started its providers. We are 
trying to wait 1 second and do re-try for 5 times but some people have 
experienced delays up to 10 seconds.

So this patch is unblocked. To solve delayed data initialization from 
SSSD in NSS responder we might simply increase number of tries to 10 
in case SSSD is in use.


-- 
/ Alexander Bokovoy




More information about the Freeipa-devel mailing list