debcrafters-packages team mailing list archive

Thread
Date

[Bug 2119081] [NEW] ssd and realm - not able to list effective simple_allow_users from secondary configurations under /etc/sssd/conf.d/

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Baby Philip <2119081@xxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Jul 2025 06:28:02 -0000
Reply-to: Bug 2119081 <2119081@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

As per the sssd man page, the configuration from secondary configuration
files in /etc/sssd/conf.d/ folder take precedence over the
/etc/sssd/sssd.conf file settings.

Accordingly, if you have the below in /etc/sssd/sssd.conf
simple_allow_users = userA

and below in /etc/sssd/conf.d/test.conf
simple_allow_users = userB

only 'userB' will have the permission to login. This has been tested and
verified.

But when you list the permitted-logins using the command "realm list", it will always list the below entries from the /etc/sssd/sssd.conf "simple_allow_users" parameter no matter if it was overridden by same parameter from file in /etc/sssd/conf.d/
permitted-logins: userA

This information returned by 'realm list' is incorrect and misleading. If I change the /etc/sssd/sssd.conf entry to below and restart sssd service, "realm list" will update accordingly. 
simple_allow_users = userC

Tested package versions:
sssd - 2.9.4-1.1ubuntu6.2
realmd - 0.17.1-3build2

Bug is reported here as well:
https://gitlab.freedesktop.org/realmd/realmd/-/issues/43

** Affects: realmd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to realmd in Ubuntu.
https://bugs.launchpad.net/bugs/2119081

Title:
  ssd and realm - not able to list effective simple_allow_users from
  secondary configurations under /etc/sssd/conf.d/

Status in realmd package in Ubuntu:
  New

Bug description:
  As per the sssd man page, the configuration from secondary
  configuration files in /etc/sssd/conf.d/ folder take precedence over
  the /etc/sssd/sssd.conf file settings.

  Accordingly, if you have the below in /etc/sssd/sssd.conf
  simple_allow_users = userA

  and below in /etc/sssd/conf.d/test.conf
  simple_allow_users = userB

  only 'userB' will have the permission to login. This has been tested
  and verified.

  But when you list the permitted-logins using the command "realm list", it will always list the below entries from the /etc/sssd/sssd.conf "simple_allow_users" parameter no matter if it was overridden by same parameter from file in /etc/sssd/conf.d/
  permitted-logins: userA

  This information returned by 'realm list' is incorrect and misleading. If I change the /etc/sssd/sssd.conf entry to below and restart sssd service, "realm list" will update accordingly. 
  simple_allow_users = userC

  Tested package versions:
  sssd - 2.9.4-1.1ubuntu6.2
  realmd - 0.17.1-3build2

  Bug is reported here as well:
  https://gitlab.freedesktop.org/realmd/realmd/-/issues/43

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/realmd/+bug/2119081/+subscriptions

Follow ups

[Bug 2119081] Re: ssd and realm - not able to list effective simple_allow_users from secondary configurations under /etc/sssd/conf.d/
From: Ural Tunaboyu, 2025-07-31
[Bug 2119081] Re: ssd and realm - not able to list effective simple_allow_users from secondary configurations under /etc/sssd/conf.d/
From: Andreas Hasenack, 2025-07-30