Improve config validation¶
Related ticket(s):
- https://pagure.io/SSSD/sssd/issue/2247
- https://pagure.io/SSSD/sssd/issue/2028
- https://pagure.io/SSSD/sssd/issue/1308
- https://pagure.io/SSSD/sssd/issue/2249
- https://pagure.io/SSSD/sssd/issue/2269
- https://pagure.io/SSSD/sssd/issue/2465
- https://pagure.io/SSSD/sssd/issue/2687
- …and more
Problem statement¶
Admins should be notified if their configuration is not valid Admins should have an option to still log in to the system if they do an error in configuration
Use cases¶
- Fallback config
- With responders, we can use defaults, they are usually paranoid enough
- With domains, we probably can only fall back to last known good (except local domain)
- Could we start only responders so that if cached data is available, the responders can be used?
- Last known good (First known good)
- For domains
- Use-case: admin changes something and wants to still log in
- Config merging
- Deprecate “services” line
- Be able to drop domain into /etc/sssd/sssd.conf.d/
- Config validation
- prerequisite: have a common definition of options and autogenerate
the rest
- Autogenerate dp_opts, man pages and configAPI sources from a common location
- Look at Samba
- …for that we need to use dp_opts everywhere
- prerequisite: have a common definition of options and autogenerate
the rest
To do¶
- Does ding-libs support config validation?
Overview of the solution¶
Describe, without going too low into technical details, what changes
need to happen in SSSD during implementation of this feature. This
section should be understood by a person with understanding of how SSSD
works internally but doesn’t have an in-depth understanding of the code.
For example, it’s fine to say that we implement a new option foo
with a default value bar, but don’t talk about how is foo
processed internally and which structure stores the value of `foo. In
some cases (internal APIs, refactoring, …) this section might blend
with the next one.
Implementation details¶
A more technical extension of the previous section. Might include low-level details, such as C structures, function synopsis etc. In case of very trivial features (e.g. a new option), this section can be merged with the previous one.
Configuration changes¶
Does your feature involve changes to configuration, like new options or options changing values? Summarize them here. There’s no need to go into too many details, that’s what man pages are for.
How To Test¶
This section should explain to a person with admin-level of SSSD understanding how this change affects run time behaviour of SSSD and how can an SSSD user test this change. If the feature is internal-only, please list what areas of SSSD are affected so that testers know where to focus.