Bug 1062124

Summary: sssd-ipa missing sssd-ad requirement in Factory
Product: [openSUSE] openSUSE Tumbleweed Reporter: Christian Neyers <neyers>
Component: BasesystemAssignee: Chris Kowalczyk <ckowalczyk>
Status: RESOLVED FIXED QA Contact: E-mail List <opensuse-communityscreening>
Severity: Normal    
Priority: P1 - Urgent CC: ckowalczyk, dakechi, varkoly
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE Factory   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Christian Neyers 2017-10-06 18:01:22 UTC 
Currently, the Factory package for sssd-ipa does not specify the requirement of sssd-ad.
Due to missing the sssd_pac binary, starting the sssd service fails with

>[sssd] [service_startup_handler] (0x0010): Could not exec /usr/lib/sssd/sssd_pac --uid 0 --gid 0 --debug-to-files, reason: No such file or directory

According to the man page of sssd-ipa:

>The IPA provider will use the PAC responder if the Kerberos tickets of users from
>trusted realms contain a PAC. To make configuration easier the PAC responder is
>started automatically if the IPA ID provider is configured.

This issue was apparently (I'm not authorized to access) reported in

https://bugzilla.opensuse.org/show_bug.cgi?id=1021441

and then fixed for Leap in revision 10 of sssd:

https://build.opensuse.org/package/rdiff/openSUSE:Leap:42.3/sssd?linkrev=base&rev=10

From sssd.changes:

>Tue Feb  7 09:46:59 UTC 2017 - hguo@suse.com
>
>- The IPA provider depends on AD provider's PAC executable, hence
>  introducing the package dependency. (bsc#1021441)
Comment 2 Christian Neyers 2018-04-22 11:11:57 UTC 
I'd like to bump this issue in light of the coming Leap 15 release.

As a fix is already employed for Leap 42.3, I just branched network:ldap/sssd
and effectively copy&pasted the fix. If so desired, I can submit the change
back.
Comment 3 Stefan Behlert 2018-04-24 07:05:46 UTC 
Should be fixed for SLE 15 and Leap
Comment 5 Diego Vinicius Akechi 2018-06-08 14:49:12 UTC 
Closing as SLES and Leap have the fix already.