[Bug 662963] New: yast2 ldap-client creates invalid sssd.conf when "Do Not Use LDAP" is selected
https://bugzilla.novell.com/show_bug.cgi?id=662963
https://bugzilla.novell.com/show_bug.cgi?id=662963#c0

           Summary: yast2 ldap-client creates invalid sssd.conf when "Do Not
                    Use LDAP" is selected
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Milestone 5 of 6
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: YaST2
        AssignedTo: jsuchome@novell.com
        ReportedBy: rhafer@novell.com
         QAContact: jsrain@novell.com
          Found By: Development
           Blocker: ---

How to reproduce:

1. make sure sssd is not installed and /etc/sssd/sssd.conf does not exist
2. start yast2 ldap-client
3. Select "Do Not Use LDAP" from the Radio Button Group
4. Enter LDAP settings (server + basedn)
5. Click ok.

Upon writing YaST will create an incomplete sssd.conf (missing some sections and settings). Now:

6. start yast2 ldap-client again
7. Select "Use LDAP"
8. Click ok.

sssd and its dependencies will get installed, but sssd can't start up because the configuration is broken.

We should either create a working sssd.conf or not write sssd.conf at all when "Do Not Use LDAP" is selected.

I'll give more details about the missing things in sssd.conf in the next comment.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=662963#c1

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |rhafer@novell.com

--- Comment #1 from Jiří Suchomel <jsuchome@novell.com> 2011-01-07 12:00:30 UTC ---

In latest package, I do not write the file when it is not present. Is it good enough?

https://bugzilla.novell.com/show_bug.cgi?id=662963#c2

Ralf Haferkamp <rhafer@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
       InfoProvider|rhafer@novell.com           |

--- Comment #2 from Ralf Haferkamp <rhafer@novell.com> 2011-01-07 13:24:26 CET ---

(In reply to comment #1)
> In latest package, I do not write the file when it is not present. Is it good enough?

Yes, I guess so. Though the main reasons why it was working were:

- sssd.conf needs to be 0600 (it might contain cleartext secrets, or cleartext equivalents). SSSD checks that upon startup and refuses to start if the file is not 0600. YaST created that file as 0644.
- the [sssd] section missed the line: config_file_version = 2

yast2-ldap-client should probably check the above conditions, always when writing sssd.conf.

https://bugzilla.novell.com/show_bug.cgi?id=662963#c3

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from Jiří Suchomel <jsuchome@novell.com> 2011-01-07 12:42:42 UTC ---

(In reply to comment #2)
> (In reply to comment #1)
> > In latest package, I do not write the file when it is not present. Is it good enough?
>
> Yes, I guess so. Though the main reasons why it was working were:
>
> - sssd.conf needs to be 0600 (it might contain cleartext secrets, or cleartext equivalents). SSSD checks that upon startup and refuses to start if the file is not 0600. YaST created that file as 0644.
> - the [sssd] section missed the line: config_file_version = 2
>
> yast2-ldap-client should probably check the above conditions, always when writing sssd.conf.

I don't think check for permission is needed, when I ensure that YaST writes only into existing file. If the file exists, it was created by sssd package with correct permissions. If they were still wrong, user must have changed them manually, which is bad, but YaST should not argue about it.
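
The two conditions named in comment #2 (mode 0600 and `config_file_version = 2` in `[sssd]`), as an added example that is not part of the bug report and is not YaST or SSSD code. The function names, the sample text and the scratch path are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: a minimal sssd.conf carrying the line comment #2 found missing.
SAMPLE_CONF = "[sssd]\nconfig_file_version = 2\n"


def check_sssd_conf(path):
    """Return the problems from comment #2 found in the file at path (empty list = OK)."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return ["file does not exist"]
    problems = []
    if mode != 0o600:
        problems.append("mode is %04o, expected 0600" % mode)
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read(path)
    except configparser.Error as exc:
        return problems + ["cannot parse: %s" % exc]
    if not parser.has_section("sssd"):
        problems.append("missing [sssd] section")
    elif parser.get("sssd", "config_file_version", fallback=None) != "2":
        problems.append("[sssd] lacks config_file_version = 2")
    return problems


def write_sssd_conf(path, text):
    """Replace path atomically; the file never exists with a mode wider than 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created as 0600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    target = os.path.join(tempfile.mkdtemp(), "sssd.conf")  # scratch copy, not /etc/sssd
    write_sssd_conf(target, SAMPLE_CONF)
    print(check_sssd_conf(target))
```

Because the temporary file is created as 0600 before any content is written, secrets in the file are never readable by other users, even briefly.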