Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-28666

sssctl config-check is reporting false positive error msg

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • rhel-9.5
    • rhel-8.2.0, rhel-8.9.0, rhel-9.2.0, rhel-9.3.0
    • sssd
    • sssd-2.9.5-1.el9
    • None
    • Low
    • rhel-sst-idm-sssd
    • ssg_idm
    • 12
    • 14
    • 0
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      `sssctl config-check` is reporting `memcache_size_sid` should not be placed under `nss` section whereas `memcache_size_sid` is for `[nss]` section only

       

      [root@ipaserver ~]# sssctl config-check
Issues identified by validators: 1
[rule/allowed_nss_options]: Attribute 'memcache_size_sid' is not allowed in section 'nss'. Check for typos.
 
Messages generated during configuration merging: 0
 
Used configuration snippet files: 0
[root@ipaserver ~]#

       

      Error is coming from the validator.

      https://github.com/SSSD/sssd/blob/0935ce945253a5888e5e2b0c5509b926786d7362/src/tools/sssctl/sssctl_config.c#L125

       

          /* Run validators */
    ret = sss_ini_call_validators_strs(tmp_ctx, init_data,
                                       SSSDDATADIR"/cfg_rules.ini",
                                       &strs, &num_errors);
    if (ret) {
        PRINT("Failed to run validators");
        goto done;
    }
    PRINT("Issues identified by validators: %zu\n", num_errors);
    for (i = 0; i < num_errors; i++) {
        printf("%s\n", strs[i]);
    }

       

      sss_ini_call_validators_strs Func:

      https://github.com/SSSD/sssd/blob/0935ce945253a5888e5e2b0c5509b926786d7362/src/util/sss_ini.c#L809

      https://github.com/SSSD/sssd/blob/0935ce945253a5888e5e2b0c5509b926786d7362/src/config/cfg_rules.ini#L60

      memcache_size_sid needs to be added herein `[rule/allowed_nss_options]`

       

      [rule/allowed_nss_options]
validator = ini_allowed_options
section_re = ^nss$
option = timeout
option = debug
option = debug_level
option = debug_timestamps
option = debug_microseconds
option = debug_backtrace_enabled
option = command
option = reconnection_retries
option = fd_limit
option = client_idle_timeout
option = description
option = responder_idle_timeout
option = cache_first
option = memcache_size_sid <---

       

       

      Please provide the package NVR for which bug is seen:

      How reproducible:

       

      [root@ipaserver ~]# sssctl config-check
Issues identified by validators: 1
[rule/allowed_nss_options]: Attribute 'memcache_size_sid' is not allowed in section 'nss'. Check for typos.
Messages generated during configuration merging: 0
Used configuration snippet files: 0
[root@ipaserver ~]# 
[root@ipaserver ~]# 
[root@ipaserver ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.9 (Ootpa)
[root@ipaserver ~]# 
[root@ipaserver ~]# rpm -qa|grep sssd
sssd-krb5-2.9.1-4.el8_9.5.x86_64
sssd-tools-2.9.1-4.el8_9.5.x86_64
sssd-kcm-2.9.1-4.el8_9.5.x86_64
python3-sssdconfig-2.9.1-4.el8_9.5.noarch
sssd-proxy-2.9.1-4.el8_9.5.x86_64
sssd-ipa-2.9.1-4.el8_9.5.x86_64
sssd-client-2.9.1-4.el8_9.5.x86_64
sssd-krb5-common-2.9.1-4.el8_9.5.x86_64
sssd-2.9.1-4.el8_9.5.x86_64
sssd-nfs-idmap-2.9.1-4.el8_9.5.x86_64
sssd-common-2.9.1-4.el8_9.5.x86_64
sssd-ldap-2.9.1-4.el8_9.5.x86_64
sssd-ad-2.9.1-4.el8_9.5.x86_64
sssd-winbind-idmap-2.9.1-4.el8_9.5.x86_64
sssd-common-pac-2.9.1-4.el8_9.5.x86_64
sssd-idp-2.9.1-4.el8_9.5.x86_64
sssd-dbus-2.9.1-4.el8_9.5.x86_64
[root@ipaserver ~]# 

       

       

      Expected results

      Actual results

              sssd-maint SSSD Maintainers
              rhn-support-abroy Abhijit Roy
              SSSD Maintainers SSSD Maintainers
              Anuj Borah Anuj Borah
              Louise McGarry Louise McGarry
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: