sssd.conf(8): the relationship between subdomain_homedir and override_homedir is a bit unclear, at least the way it is written
georgemarselis-nvi opened this issue · 0 comments
Allow me to say first how i picture this in my mind:
subdomain_homedir has a default value of /home/%d/%u. This allows holding multiple domains, without mixing users.
A sysadmin like me sets subdomain_homedir to their own path value, e.g. /nfs/home/%d/%u . That, should be in the global section, to be easy to find and set. The value of subdomain_homedir is the default for all providers, unless subdomain_homedir is set for the individual provider or subdomain. Order of importance, higher order gets value overwritten by lower importance:
- [sssd]
subdomain_homedir - [PROVIDER]
subdomain_homedir - [domain]
subdomain_homedir
for any subdomain,
- sssd checks if the provider checks the appropriate LDAP/AD home directory property for a value.
- If such a value exists, it uses the provided value from LDAP/AD, overwriting the default
subdomain_homedirand printing an INFO message to syslog. - If such a value does not exist, it uses the value in
subdomain_homedirand prints an INFO message to syslog.
- If such a value exists, it uses the provided value from LDAP/AD, overwriting the default
Now, using the above logic, override_homedir seems useless.
What confuses me in the man page that override_homedir is introduced, fully-fleshed out, before subdomain_homedir . subdomain_homedir is given the 3-line treatment, with an extra parameter. That makes override_homedir seem it has higher importance in the configuration file, than override_homedir .
So, which one of the two values should the sysadmin use? subdomain_homedir or override_homedir ? Is there a specific reason override_homedir exists? Should I check how are the two values parsed in the code and make a diagram? or is it a case of "every provider has their own thing and we need to bonk them on the head with a stick to play nice"?
Have a great weekend guys!
Edit: there is also a comment in override_homedir:
This option can also be set per domain and per section
Sorry, but that seems a bit... Perl-y. Why does [rec] need override_homedir, for example?