Merge ~kstenerud/ubuntu/+source/sssd:xenial-sssd-pidfile-1777860 into ubuntu/+source/sssd:ubuntu/xenial-devel
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Andreas Hasenack | ||||
Approved revision: | 609dbcc1eed2875e93dfe683f943deeabc6a790d | ||||
Merged at revision: | 609dbcc1eed2875e93dfe683f943deeabc6a790d | ||||
Proposed branch: | ~kstenerud/ubuntu/+source/sssd:xenial-sssd-pidfile-1777860 | ||||
Merge into: | ubuntu/+source/sssd:ubuntu/xenial-devel | ||||
Diff against target: |
56 lines (+34/-0) 3 files modified
debian/changelog (+7/-0) debian/patches/add-back-pidfile.patch (+26/-0) debian/patches/series (+1/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Andreas Hasenack | Approve | ||
Canonical Server | Pending | ||
Review via email: mp+358149@code.launchpad.net |
Description of the change
Merge Proposal:
The PIDFILE entry in /lib/systemd/
* d/p/add-
/lib/
PPA: ppa:kstenerud/
Steps to test:
# lxc launch ubuntu-daily:xenial tester
# lxc exec tester bash
# apt update
# apt dist-upgrade -y
# apt install -y sssd
# echo "[nss]
filter_groups = root
filter_users = root
reconnection_
[pam]
reconnection_
[sssd]
config_file_version = 2
reconnection_
sbus_timeout = 30
services = nss, pam
domains = europe.
[domain/
#With this as false, a simple "getent passwd" for testing won't work. You must do getent passwd <email address hidden>
enumerate = false
cache_credentials = true
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldaps:/
ldap_search_base = dc=europe,
ldap_tls_cacert = /etc/ssl/
#This parameter requires that the DC present a completely validated certificate chain. If you're testing or don't care, use 'allow' or 'never'.
ldap_tls_reqcert = demand
krb5_realm = EUROPE.EXAMPLE.COM
dns_discovery_
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_
ldap_force_
ldap_user_
ldap_group_
ldap_user_
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_
ldap_user_principal = userPrincipalName
ldap_group_
ldap_group_name = sAMAccountName
#Bind credentials
ldap_default_
ldap_default_
[domain/
#With this as false, a simple "getent passwd" for testing won't work. You must do getent passwd <email address hidden>
enumerate = false
cache_credentials = true
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldaps:/
ldap_search_base = dc=asia,
ldap_tls_cacert = /etc/ssl/
#This parameter requires that the DC present a completely validated certificate chain. If you're testing or don't care, use 'allow' or 'never'.
ldap_tls_reqcert = demand
krb5_realm = ASIA.EXAMPLE.COM
dns_discovery_
ldap_schema = rfc2307bis
ldap_access_order = expire
ldap_account_
ldap_force_
ldap_user_
ldap_group_
ldap_user_
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_
ldap_user_principal = userPrincipalName
ldap_group_
ldap_group_name = sAMAccountName
#Bind credentials
ldap_default_
ldap_default_
# chmod 600 /etc/sssd/sssd.conf
# service sssd start
# pkill -KILL -F /var/run/sssd.pid
# service sssd start
Job for sssd.service failed because the control process exited with error code. See "systemctl status sssd.service" and "journalctl -xe" for details.
# journalctl -xe
...
Oct 30 10:25:46 xtest sssd[7110]: SSSD is already running
# add-apt-repository -y ppa:kstenerud/
# apt update
# apt dist-upgrade
# service sssd start
Package Tests:
There are no tests in this package.
Thanks for this, some changes requested inline.