[Freeipa-devel] [PATCH] 0012 Modify existing SSSD configuration instead of dropping it
Alexander Bokovoy
abokovoy at redhat.com
Tue Sep 13 12:11:44 UTC 2011
On Thu, 08 Sep 2011, Alexander Bokovoy wrote:
> On Wed, 07 Sep 2011, Stephen Gallagher wrote:
>
> > On Wed, 2011-09-07 at 16:15 +0300, Alexander Bokovoy wrote:
> > > Hi!
> > >
> > > When modifying SSSD configuration, attempt to add new domain rather
> > > than replacing whole configuration file.
> > >
> > > Only replace file in case it is impossible to parse it by current SSSD
> > > version.
> > >
> > > https://fedorahosted.org/freeipa/ticket/1750
> >
> > Looks good to me. Ack.
> Unfortunately, there is a bug in libini_config that prevents modifying
> existing sssd configuration as it becomes unreadable by libini_config.
>
> https://fedorahosted.org/sssd/ticket/991
>
> I would suggest to postpone this patch until libini_config bug is
> fixed and released.
After some research it appears there is no issue with libini_config,
SSSD happily reads configs amended by ipa-client-install, with or
without empty line between sections.
The issue Marko was seeing in SSSD991 or FreeIPA1174 is unrelated to
this change. It is an issue of timing -- by time we ask for 'getent
passwd admin', SSSD might have not started its providers. We are
trying to wait 1 second and do re-try for 5 times but some people have
experienced delays up to 10 seconds.
So this patch is unblocked. To solve delayed data initialization from
SSSD in NSS responder we might simply increase number of tries to 10
in case SSSD is in use.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list