Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-99093

[Epic]: feat: control sssd domain/realm section name to use; merge settings into chosen name [rhel-9]

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • [Epic]: feat: control sssd domain/realm section name to use; merge settings into chosen name [rhel-9]
    • Low
    • Red Hat Enterprise Linux
    • 0% To Do, 0% In Progress, 100% Done
    • rhel-system-roles
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Dev ack

      This is a clone of issue RHEL-99087 to use for version rhel-9.7

      Original description:
      Feature: Add ability to control the name of the section used in the SSSD config file
      for the domain/realm specific settings, as managed by `ad_dyndns_update` and
      `ad_integration_sssd_custom_settings`. By default, the role will use the lower
      case of the `ad_integration_realm`, but in some cases you want to use the actual
      case of `ad_integration_realm`. There is a new option
      `ad_integration_sssd_realm_preserve_case` which can be set to `true` to preserve
      the case of the realm. This may leave the SSSD config file with multiple sections
      for the realm. Use the new `ad_integration_sssd_remove_duplicate_sections` setting
      to consolidate all of the settings from the multiple sections into the chosen
      section.

      Reason: The SSSD config file is not "owned" by the ad_integration role and must
      be able to use the realm/domain section as configured.

      Result: The ad_integration role can manage domain/realm sections in the SSSD
      config file correctly.

      Signed-off-by: Rich Megginson <rmeggins@redhat.com>

        1. Summary by Sourcery

      Enable control over SSSD domain section naming and duplicate consolidation, fix handling of uppercase domains, refactor task logic, and update documentation, defaults, and tests accordingly

      New Features:

      • Allow preserving the case of the AD realm in the SSSD domain section via ad_integration_sssd_realm_preserve_case
      • Add ad_integration_sssd_remove_duplicate_sections to merge and remove duplicate domain sections in sssd.conf

      Bug Fixes:

      • Fix incorrect SSSD configuration when using non-lowercase domain names

      Enhancements:

      • Refactor SSSD settings task to load existing sssd.conf, detect and consolidate matching domain sections case-insensitively
      • Unify configuration of sssd, dynamic DNS, and custom settings under a single block with computed section logic

      Documentation:

      • Update README to explain realm casing and duplicate section removal options

      Tests:

      • Update tests to use dynamic __ad_integration_sssd_conf path, expose role tests as public, and add migration scenarios for duplicate section handling

              rmeggins@redhat.com Richard Megginson
              rmeggins@redhat.com Richard Megginson
              Richard Megginson Richard Megginson
              David Jez David Jez
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: