Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add subid option to select the sssd profile with-subid. #974

Merged
merged 1 commit into from
Mar 8, 2023
Merged

Add subid option to select the sssd profile with-subid. #974

merged 1 commit into from
Mar 8, 2023

Conversation

dkarpele
Copy link
Collaborator

@dkarpele dkarpele commented Nov 7, 2022
edited

Create support for subid option for ipaclient_setup_nss role.
RFE #919

Signed-off-by: Denis Karpelevich dkarpele@redhat.com

@rjeffman rjeffman added the DRAFT label Nov 10, 2022
@rjeffman rjeffman marked this pull request as draft November 10, 2022 01:52
@t-woerner t-woerner marked this pull request as ready for review November 17, 2022 13:02
@dkarpele dkarpele force-pushed the dkarpele-919 branch 2 times, most recently from b3522c7 to 9888387 Compare November 18, 2022 16:34
@dkarpele dkarpele force-pushed the dkarpele-919 branch 2 times, most recently from dc9a3e3 to ca827ab Compare November 29, 2022 16:40
@dkarpele dkarpele changed the title WIP: Add subid option to select the sssd profile with-subid. Add subid option to select the sssd profile with-subid. Dec 5, 2022
@rjeffman rjeffman removed the DRAFT label Dec 29, 2022
@rjeffman
Copy link
Member

rjeffman commented Jan 4, 2023

Please, ignore ansible-lint failures at this time. A PR with the fixes for those issues is being prepared.

@dkarpele dkarpele self-assigned this Feb 15, 2023
@t-woerner
Copy link
Member

The only use of subid in ipaserver/install/server/replicainstall.py and ipaserver/install/server/install.py are to be able to pass the value to the client and client part installation. ipaclient_subid only need to be mentioned in the server and replica readme files as client options. A further change of ipaserver and ipareplica role is not needed in my opinion. ipaclient_subid is used and implemented in the ipaclient role.

@dkarpele dkarpele force-pushed the dkarpele-919 branch 2 times, most recently from adc400a to 56d4308 Compare February 27, 2023 15:27
t-woerner
t-woerner approved these changes Mar 2, 2023
View reviewed changes
Copy link
Member

@t-woerner t-woerner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@t-woerner
Copy link
Member

Please add more information to the commit message. Also a reference to the freeipa issue might be good to have.

@dkarpele
Add subid option to select the sssd profile with-subid.
2b0b7db 
This is an ansible-freeipa update for the freeipa RFE:
https://pagure.io/freeipa/issue/9159
"`ipa-client-install` should provide option to enable `subid: sss`
in `/etc/nsswitch.conf`".

This option allows to configure authselect with the sssd
profile + with-subid feature, in order to have SSSD setup as
a datasource for subid in /etc/nsswitch.conf.

The default behavior remains unchanged: without the option,
/etc/nsswitch.conf keeps the line subid: files

Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
@dkarpele
Copy link
Collaborator Author

dkarpele commented Mar 6, 2023

commit message updated

@t-woerner
Copy link
Member

Thanks for the update.

@t-woerner t-woerner merged commit 3cc17a4 into freeipa:master Mar 8, 2023
@dkarpele dkarpele deleted the dkarpele-919 branch March 8, 2023 15:42
@dkarpele dkarpele restored the dkarpele-919 branch March 21, 2023 10:42
@rjeffman rjeffman mentioned this pull request Aug 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rjeffman rjeffman rjeffman left review comments

@t-woerner t-woerner t-woerner approved these changes

Assignees

@dkarpele dkarpele

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@dkarpele @rjeffman @t-woerner