Bug 1226157 - sssd: missing /etc/sssd/sssd.conf
Status: IN_PROGRESS
Alias: None
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Version: Leap 15.6
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Samuel Cabrero
QA Contact: E-mail List
Reported: 2024-06-10 15:27 UTC by Giacomo Comes
Modified: 2024-07-17 13:32 UTC
scabrero: needinfo? (dleuenberger)


Description Giacomo Comes 2024-06-10 15:27:02 UTC
I use sssd. I normally edit /etc/sssd/sssd.conf in order to configure the package. In Leap 15.6 such a file does not exist. I found in the package sssd the file /usr/lib64/sssd/conf/sssd.conf and, for testing, I made my changes there.
When I started sssd.service it didn't start. The presence of /etc/sssd/sssd.conf is required for the service to run although I didn't find any reference in /usr/share/doc/packages/sssd to the fact that the user is now required to create /etc/sssd/sssd.conf from scratch.
I then made a copy of /usr/lib64/sssd/conf/sssd.conf to /etc/sssd/sssd.conf and changed it. When I started sssd.service it didn't start. The file /etc/sssd/sssd.conf can be readable only by root, but the file /usr/lib64/sssd/conf/sssd.conf did not have such permission and when I made the copy, /etc/sssd/sssd.conf was world readable as well. After changing the permission of /etc/sssd/sssd.conf I was finally able to start sssd.service.

Please do not make such disruptive changes without giving the user an indication about what is required (that was not required before) before the program can be used.
I suggest putting back /etc/sssd/sssd.conf with proper permission, containing only commented lines explaining what changes were made and why, and what the user is supposed to do now.
In this way maybe other users will not go through the painful trial and error process as I did, before being able to use sssd in Leap 15.6.
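The failure described in the report above (a plain copy of the packaged template keeps its world-readable mode, and sssd then refuses to start), as an added shell example that is not part of the original report or of the sssd package. The function names are hypothetical, and the check assumes the rule is "regular file, owned by root, no group or other permission bits", following the report's statement that the file may be readable only by root.

```shell
#!/bin/sh
# Added example; conf_problem and install_conf are hypothetical helper names.
# Requires GNU stat and install (coreutils), as shipped on openSUSE.

# conf_problem FILE [UID]
# Prints why FILE would be rejected under the assumed rule, or "ok".
# UID is the required owner; it defaults to 0 (root).
conf_problem() {
    file=$1
    want_uid=${2:-0}
    [ -e "$file" ] || { echo "missing"; return 0; }
    [ -f "$file" ] || { echo "not-regular-file"; return 0; }
    owner=$(stat -c %u "$file")
    mode=$(stat -c %a "$file")      # octal, e.g. 600 or 644
    [ "$owner" = "$want_uid" ] || { echo "wrong-owner"; return 0; }
    # Any bit set for group or others (mask 077) makes the file too open.
    if [ $((0$mode & 077)) -eq 0 ]; then
        echo "ok"
    else
        echo "too-permissive"
    fi
}

# install_conf SRC DST
# Copies SRC to DST and sets mode 0600 in the same step, regardless of the
# mode of SRC or the current umask. Run as root, the new file is owned by
# root. A plain "cp" would instead carry over the template's mode.
install_conf() {
    install -m 0600 "$1" "$2"
}

# Usage as root, with the paths named in the report:
#   install_conf /usr/lib64/sssd/conf/sssd.conf /etc/sssd/sssd.conf
#   conf_problem /etc/sssd/sssd.conf        # prints "ok"
```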
Comment 1 Samuel Cabrero 2024-07-02 15:29:03 UTC
Hi Giacomo,

the change was documented in the package changelog; it is part of the UsrEtc migration https://en.opensuse.org/openSUSE:Packaging_UsrEtc

> -------------------------------------------------------------------
> Tue Oct 31 11:04:57 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
> 
> - Default config is unworkable, just stop installing it altogether
>   [boo#1216739]
Comment 2 Giacomo Comes 2024-07-02 18:06:37 UTC
Hi Samuel,
the /usr/etc migration normally means that files that were in /etc
(/etc/sssd/sssd.conf) can be found now in /usr/etc (/usr/etc/sssd/sssd.conf)
Examples: nsswitch.conf, idmapd.conf, sshd_config, login.defs, just to mention a few.
This didn't happen with sssd. /etc/sssd/sssd.conf was simply removed.
And that is the only mention available in the changelog.

Nowhere is it said that the user has to create /etc/sssd/sssd.conf anyway and with the appropriate permission in order to make sssd work. It is this lack of information that I was complaining about.
I have been using sssd for a long time and it took me some digging in order to understand what was going on. Imagine how a user who is going to use sssd for the first time on Leap 15.6 will feel.

Now whether you are going to add some documentation to the package or not, it's up to you. I think there is a lack of information, and my job was to report it.
Comment 3 Giacomo Comes 2024-07-02 18:26:46 UTC
And continuing to talk about sssd and its issues, be aware that on Leap 15.6 the command 'pam-config -a --sss' does not work.
I opened boo#1226123 about this problem. It is my understanding that the pam-config maintainer is unwilling to acknowledge a fault in pam-config, which means that it is up to the sssd maintainers to solve the problem by providing the package sssd-32bit for Leap 15.6.
Comment 5 OBSbugzilla Bot 2024-07-16 12:45:03 UTC
This is an autogenerated message for OBS integration:
This bug (1226157) was mentioned in
https://build.opensuse.org/request/show/1187905 Factory / sssd
Comment 7 Samuel Cabrero 2024-07-17 11:34:32 UTC
(In reply to Giacomo Comes from comment #3)
> And continuing to talk about sssd and its issues, be aware that on Leap 15.6
> the command 'pam-config -a --sss' does not work.
> I opened boo#1226123 about this problem. It is my understanding that the
> pam-config maintainer is unwilling to acknowledge a fault in pam-config
> which means that it is up to the sssd maintainers to solve the problem by
> providing the package sssd-32bit for Leap 15.6.

The problem is that sssd-32bit is not published. As a workaround you can add the devel project repo and install from there:

> # zypper ar https://download.opensuse.org/repositories/network:/ldap/openSUSE_Tumbleweed/network:ldap.repo

@Dominique, do you know who is able to add sssd-32bit to the tumbleweed repositories?
Comment 8 Giacomo Comes 2024-07-17 13:32:53 UTC
> The problem is that sssd-32bit is not published. As a workaround you can add
> the devel project repo and install from there:
> > # zypper ar https://download.opensuse.org/repositories/network:/ldap/openSUSE_Tumbleweed/network:ldap.repo

I have already fixed the issue for myself. I built sssd-32bit locally using
the src.rpm of sssd for Leap 15.6.
The bug report is for helping the rest of the users.

> @Dominique, do you know who is able to add sssd-32bit to the tumbleweed
> repositories?

sssd-32bit is not necessary on tumbleweed. On tumbleweed the command:
  pam-config -a --sss
works. pam-config on tumbleweed does not fail if a 32-bit module is missing,
therefore sssd-32bit is not needed. The problem is on Leap 15.6 and (I guess) on SLE15SP6 and any other product where pam-config still fails if a 32-bit module is missing and sssd-32bit does not exist.