diff --git a/Makefile.am b/Makefile.am index 7dc481408c4..35d9075f783 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5683,7 +5683,6 @@ dist_noinst_DATA += \ src/tests/multihost/conftest.py \ src/tests/multihost/basic/mhc.yaml \ src/tests/multihost/basic/test_basic.py \ - src/tests/multihost/basic/test_config.py \ src/tests/multihost/basic/test_files.py \ src/tests/multihost/basic/test_ifp.py \ src/tests/multihost/basic/test_kcm.py \ diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c index 5b459262ea2..ca75a0dcbd8 100644 --- a/src/confdb/confdb_setup.c +++ b/src/confdb/confdb_setup.c @@ -28,6 +28,22 @@ #include "confdb_setup.h" #include "util/sss_ini.h" +#define CONFDB_BASE_LDIF \ + "dn: @ATTRIBUTES\n" \ + "cn: CASE_INSENSITIVE\n" \ + "dc: CASE_INSENSITIVE\n" \ + "dn: CASE_INSENSITIVE\n" \ + "name: CASE_INSENSITIVE\n" \ + "objectclass: CASE_INSENSITIVE\n" \ + "\n" \ + "dn: @INDEXLIST\n" \ + "@IDXATTR: cn\n" \ + "\n" \ + "dn: @MODULES\n" \ + "@LIST: server_sort\n" \ + "\n" + + static int confdb_purge(struct confdb_ctx *cdb) { int ret; @@ -116,9 +132,7 @@ static int confdb_ldif_from_ini_file(TALLOC_CTX *mem_ctx, return EOK; } -static int confdb_write_ldif(struct confdb_ctx *cdb, - const char *config_ldif, - bool replace_whole_db) +static int confdb_write_ldif(struct confdb_ctx *cdb, const char *config_ldif) { int ret; struct ldb_ldif *ldif; 
@@ -133,21 +147,11 @@ static int confdb_write_ldif(struct confdb_ctx *cdb, } } else { ret = ldb_add(cdb->ldb, ldif->msg); - if (ret != LDB_SUCCESS && replace_whole_db == false) { - /* This section already existed, remove and re-add it. We - * really want to replace the whole thing instead of messing - * around with changetypes and flags on individual elements - */ - ret = ldb_delete(cdb->ldb, ldif->msg->dn); - if (ret == LDB_SUCCESS) { - ret = ldb_add(cdb->ldb, ldif->msg); - } - } } if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, - "Failed to initialize DB (%d,[%s]), aborting!\n", + "Failed to update DB (%d,[%s]), aborting!\n", ret, ldb_errstring(cdb->ldb)); return EIO; } @@ -215,19 +219,14 @@ static int confdb_init_db(const char *config_file, } in_transaction = true; - /* Purge existing database, if we are reinitializing the confdb completely */ - if (only_section == NULL) { - ret = confdb_purge(cdb); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Could not purge existing configuration\n"); - goto done; - } + ret = confdb_purge(cdb); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Could not purge existing configuration\n"); + goto done; } - ret = confdb_write_ldif(cdb, - config_ldif, - only_section == NULL ? true : false); + ret = confdb_write_ldif(cdb, config_ldif); if (ret != EOK) { goto done; } diff --git a/src/confdb/confdb_setup.h b/src/confdb/confdb_setup.h index d816c7ea0a7..c2186f753d2 100644 --- a/src/confdb/confdb_setup.h +++ b/src/confdb/confdb_setup.h @@ -27,21 +27,6 @@ #include "util/util_errors.h" -#define CONFDB_BASE_LDIF \ - "dn: @ATTRIBUTES\n" \ - "cn: CASE_INSENSITIVE\n" \ - "dc: CASE_INSENSITIVE\n" \ - "dn: CASE_INSENSITIVE\n" \ - "name: CASE_INSENSITIVE\n" \ - "objectclass: CASE_INSENSITIVE\n" \ - "\n" \ - "dn: @INDEXLIST\n" \ - "@IDXATTR: cn\n" \ - "\n" \ - "dn: @MODULES\n" \ - "@LIST: server_sort\n" \ - "\n" - struct confdb_ctx; errno_t confdb_setup(TALLOC_CTX *mem_ctx, 
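Review bot: In the confdb_init_db hunk the purge is now unconditional, but `only_section` is still a live parameter of this function and of confdb_setup (monitor.c now passes a literal `NULL`), and the context lines of the sss_ini.c hunk show sss_confdb_create_ldif still skipping every other section when it is set. A caller that passes a section name would therefore wipe the confdb and write back only that one section, leaving every other setting, including access-control options, at its default. Either remove the parameter from the whole call chain in this commit or reject it before the purge, e.g. `if (only_section != NULL) { ret = EINVAL; goto done; }`. confdb_init_db begins and ends outside the hunk, so any other use of `only_section` in it is not visible here.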
diff --git a/src/man/sssd.8.xml b/src/man/sssd.8.xml index 5f507c631ec..eeefe38e30f 100644 --- a/src/man/sssd.8.xml +++ b/src/man/sssd.8.xml @@ -145,33 +145,6 @@ - - - , - - - - Do not start the SSSD, but refresh the configuration - database from the contents of - /etc/sssd/sssd.conf and exit. - - - - - - , - - - - Similar to --genconf, but only refresh - a single section from the configuration file. This - option is useful mainly to be called from systemd - unit files to allow socket-activated responders - to refresh their configuration without requiring - the administrator to restart the whole SSSD. - - - diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 2cf8a476041..034d17c0fc9 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1478,7 +1478,6 @@ static int monitor_ctx_destructor(void *mem) errno_t load_configuration(TALLOC_CTX *mem_ctx, const char *config_file, const char *config_dir, - const char *only_section, struct mt_ctx **monitor) { errno_t ret; @@ -1502,21 +1501,15 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, goto done; } - ret = confdb_setup(ctx, cdb_file, config_file, config_dir, only_section, - false, &ctx->cdb); + + ret = confdb_setup(ctx, cdb_file, config_file, config_dir, NULL, false, + &ctx->cdb); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to setup ConfDB [%d]: %s\n", ret, sss_strerror(ret)); goto done; } - /* return EOK for genconf-section to exit 0 when no - * sssd configuration exists (KCM use case) */ - if (only_section != NULL) { - *monitor = NULL; - goto done; - } - /* Validate the configuration in the database */ /* Read in the monitor's configuration */ ret = get_monitor_config(ctx); @@ -1542,7 +1535,7 @@ errno_t load_configuration(TALLOC_CTX *mem_ctx, done: talloc_free(cdb_file); - if (ret != EOK || only_section != NULL) { + if (ret != EOK) { talloc_free(ctx); } return ret; 
@@ -1986,12 +1979,10 @@ int main(int argc, const char *argv[]) poptContext pc; int opt_daemon = 0; int opt_interactive = 0; - int opt_genconf = 0; int opt_version = 0; char *opt_config_file = NULL; const char *opt_logger = NULL; char *config_file = NULL; - char *opt_genconf_section = NULL; int flags = FLAGS_NO_WATCHDOG; struct main_context *main_ctx; TALLOC_CTX *tmp_ctx; @@ -2013,10 +2004,6 @@ int main(int argc, const char *argv[]) _("Become a daemon (default)"), NULL }, {"interactive", 'i', POPT_ARG_NONE, &opt_interactive, 0, _("Run interactive (not a daemon)"), NULL}, - {"genconf", 'g', POPT_ARG_NONE, &opt_genconf, 0, - _("Refresh the configuration database, then exit"), NULL}, - {"genconf-section", 's', POPT_ARG_STRING, &opt_genconf_section, 0, - _("Similar to --genconf, but only refreshes the given section"), NULL}, {"version", '\0', POPT_ARG_NONE, &opt_version, 0, _("Print version number and exit"), NULL }, POPT_TABLEEND @@ -2048,28 +2035,13 @@ int main(int argc, const char *argv[]) cmdline_debug_timestamps = debug_timestamps; cmdline_debug_microseconds = debug_microseconds; - if (opt_genconf_section) { - /* --genconf-section implies genconf, just limited to a single section */ - opt_genconf = 1; - } - if (opt_genconf && (opt_daemon || opt_interactive)) { - ERROR("Option -g is incompatible with -D or -i\n"); - poptPrintUsage(pc, stderr, 0); - return 1; - } - if (opt_genconf) { - if (!opt_logger) { - opt_logger = sss_logger_str[STDERR_LOGGER]; - } - } - if (opt_daemon && opt_interactive) { ERROR("Option -i|--interactive is not allowed together with -D|--daemon\n"); poptPrintUsage(pc, stderr, 0); return 1; } - if (!opt_daemon && !opt_interactive && !opt_genconf) { + if (!opt_daemon && !opt_interactive) { opt_daemon = 1; } if (opt_daemon) { 
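Review bot: Dropping `--genconf` and `--genconf-section` from the popt table turns them into unknown options, so anything that still invokes them will stop working. The man-page text removed in this commit says `--genconf-section` was mainly meant to be called from systemd unit files for socket-activated responders, and no unit-file or packaging change is visible in this diff. Before merging, confirm that no unit file or packaging script still runs `sssd --genconf-section=...`, for example as a pre-start step, because a failing step there would presumably keep the responder from starting. main begins and ends outside these hunks.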
@@ -2133,58 +2105,53 @@ int main(int argc, const char *argv[]) } #endif - /* Check if the SSSD is already running and for nscd conflicts unless we're - * only interested in re-reading the configuration - */ - if (opt_genconf == 0) { - ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false); - if (ret == EOK) { - ret = check_pidfile(SSSD_PIDFILE); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - "pidfile exists at %s\n", SSSD_PIDFILE); - ERROR("SSSD is already running\n"); - return 5; - } + /* Check if the SSSD is already running and for nscd conflicts */ + ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false); + if (ret == EOK) { + ret = check_pidfile(SSSD_PIDFILE); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "pidfile exists at %s\n", SSSD_PIDFILE); + ERROR("SSSD is already running\n"); + return 5; } + } - /* Warn if nscd seems to be running */ - ret = check_file(NSCD_SOCKET_PATH, - -1, -1, S_IFSOCK, S_IFMT, NULL, false); - if (ret == EOK) { - ret = sss_nscd_parse_conf(NSCD_CONF_PATH); - - switch (ret) { - case ENOENT: - sss_log(SSS_LOG_NOTICE, - "NSCD socket was detected. NSCD caching capabilities " - "may conflict with SSSD for users and groups. It is " - "recommended not to run NSCD in parallel with SSSD, " - "unless NSCD is configured not to cache the passwd, " - "group, netgroup and services nsswitch maps."); - break; - - case EEXIST: - sss_log(SSS_LOG_NOTICE, - "NSCD socket was detected and seems to be configured " - "to cache some of the databases controlled by " - "SSSD [passwd,group,netgroup,services]. 
It is " - "recommended not to run NSCD in parallel with SSSD, " - "unless NSCD is configured not to cache these."); - break; - - case EOK: - DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it " - "seems to be configured not to interfere with " - "SSSD's caching capabilities\n"); - } - } + /* Warn if nscd seems to be running */ + ret = check_file(NSCD_SOCKET_PATH, + -1, -1, S_IFSOCK, S_IFMT, NULL, false); + if (ret == EOK) { + ret = sss_nscd_parse_conf(NSCD_CONF_PATH); + + switch (ret) { + case ENOENT: + sss_log(SSS_LOG_NOTICE, + "NSCD socket was detected. NSCD caching capabilities " + "may conflict with SSSD for users and groups. It is " + "recommended not to run NSCD in parallel with SSSD, " + "unless NSCD is configured not to cache the passwd, " + "group, netgroup and services nsswitch maps."); + break; + case EEXIST: + sss_log(SSS_LOG_NOTICE, + "NSCD socket was detected and seems to be configured " + "to cache some of the databases controlled by " + "SSSD [passwd,group,netgroup,services]. It is " + "recommended not to run NSCD in parallel with SSSD, " + "unless NSCD is configured not to cache these."); + break; + + case EOK: + DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it " + "seems to be configured not to interfere with " + "SSSD's caching capabilities\n"); + } } /* Parse config file, fail if cannot be done */ ret = load_configuration(tmp_ctx, config_file, CONFDB_DEFAULT_CONFIG_DIR, - opt_genconf_section, &monitor); + &monitor); if (ret != EOK) { switch (ret) { case EPERM: @@ -2205,10 +2172,6 @@ int main(int argc, const char *argv[]) return 5; } - /* at this point we are done generating the config file, we may exit - * if that's all we were asked to do */ - if (opt_genconf) return 0; - /* set up things like debug, signals, daemonization, etc. */ monitor->conf_path = CONFDB_MONITOR_CONF_ENTRY; ret = close(STDIN_FILENO); 
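Review bot: The pidfile check now runs on every start, but it is still skipped whenever `check_file(SSSD_PIDFILE, ...)` returns anything other than EOK, so a pidfile with an unexpected owner, mode or type is handled like a missing one and nothing is logged. Assuming check_file reports a missing file as ENOENT (its implementation is not in this diff), add a branch such as `else if (ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, "Unexpected pidfile state at %s [%d]\n", SSSD_PIDFILE, ret); }` so an operator can see that case. The `switch (ret)` on `sss_nscd_parse_conf` also has no `default:` branch, so any other error code is dropped silently. main begins and ends outside the hunk.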
diff --git a/src/tests/multihost/basic/test_config.py b/src/tests/multihost/basic/test_config.py
deleted file mode 100644
index 8d4847b9e5f..00000000000
--- a/src/tests/multihost/basic/test_config.py
+++ /dev/null
@@ -1,114 +0,0 @@ -""" SSSD Configuration-related Test Cases - -:requirement: IDM-SSSD-REQ: Configuration merging -:casecomponent: sssd -:subsystemteam: sst_idm_sssd -:upstream: yes -:status: approved -""" - -import pytest -from utils_config import remove_section, set_param - - -class TestSSSDConfig(object): - """ - Test cases around SSSD config management - """ - def _assert_config_value(self, multihost, section, key, value): - # This would really be much, much nicer to implement using python-ldb - # but at the moment, the multihost tests rely on a virtual environment - # where everything is pip-installed..and python-ldb is not present in - # pip - confdb_dn = 'cn=%s,cn=config' % (section) - ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b %s' % (confdb_dn) - cmd = multihost.master[0].run_command(ldb_cmd) - check_str = '%s: %s' % (key, value) - assert check_str in cmd.stdout_text - - @pytest.mark.converted('test_config.py', 'test_config__change_config_while_sssd_running') - def test_sssd_genconf_sssd_running(self, multihost): - """ - :title: config: sssd --genconf is able to re-generate - the configuration even while SSSD is running - :id: 078721e9-536b-4fd8-a36d-bd94673228fc - """ - multihost.master[0].service_sssd('restart') - - self._assert_config_value(multihost, 'pam', 'debug_level', '9') - - set_param(multihost, 'pam', 'debug_level', '1') - multihost.master[0].run_command('/usr/sbin/sssd --genconf') - self._assert_config_value(multihost, 'pam', 'debug_level', '1') - - set_param(multihost, 'pam', 'debug_level', '9') - - @pytest.mark.converted('test_config.py', 'test_config__genconf_particular_section') - def test_sssd_genconf_section_only(self, multihost): - """ - :title: config: sssd --genconf-section only - refreshes those sections given on the command line - :id: 011bf2ad-4a2a-4350-adfa-7826349e262f - """ - multihost.master[0].service_sssd('restart') - - self._assert_config_value(multihost, 'pam', 'debug_level', '9') - 
self._assert_config_value(multihost, 'nss', 'debug_level', '9') - - set_param(multihost, 'pam', 'debug_level', '1') - set_param(multihost, 'nss', 'debug_level', '1') - multihost.master[0].run_command( - '/usr/sbin/sssd --genconf-section=pam') - - # We only told genconf to touch the pam section.. - self._assert_config_value(multihost, 'pam', 'debug_level', '1') - # ..so the NSS section shouldn't be updated at all - self._assert_config_value(multihost, 'nss', 'debug_level', '9') - - set_param(multihost, 'nss', 'debug_level', '9') - set_param(multihost, 'pam', 'debug_level', '9') - - @pytest.mark.converted('test_config.py', 'test_config__add_remove_section') - def test_sssd_genconf_add_remove_section(self, multihost): - """ - :title: config: sssd --genconf-section can not only modify - existing configuration sections, but also add a new section - :id: 8df66b51-aadc-456e-8f27-a1a787e61769 - """ - # Establish a baseline - multihost.master[0].service_sssd('restart') - self._assert_config_value(multihost, 'pam', 'debug_level', '9') - self._assert_config_value(multihost, 'nss', 'debug_level', '9') - - set_param(multihost, 'foo', 'bar', 'baz') - - multihost.master[0].run_command( - '/usr/sbin/sssd --genconf-section=foo') - - ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b cn=foo,cn=config' - cmd = multihost.master[0].run_command(ldb_cmd) - assert 'bar: baz' in cmd.stdout_text - - remove_section(multihost, 'foo') - multihost.master[0].run_command( - '/usr/sbin/sssd --genconf-section=foo') - - ldb_cmd = 'ldbsearch -H /var/lib/sss/db/config.ldb -b cn=foo,cn=config' - cmd = multihost.master[0].run_command(ldb_cmd) - assert 'foo' not in cmd.stdout_text - # Also make sure the existing sections were intact - self._assert_config_value(multihost, 'pam', 'debug_level', '9') - self._assert_config_value(multihost, 'nss', 'debug_level', '9') - - @pytest.mark.converted('test_config.py', 'test_config__genconf_no_such_section') - def test_sssd_genconf_no_such_section(self, 
multihost): - """ - :title: config: Referencing a non-existant section must not fail - :id: 4e160dcc-9789-4f3f-b8d4-c67d27ef4a1c - :description: Referencing a non-existant section must not fail, - because we want to call this command from the systemd unit files - and by default the sections don't have to be present - """ - multihost.master[0].service_sssd('restart') - multihost.master[0].run_command( - '/usr/sbin/sssd --genconf-section=xyz') diff --git a/src/tests/system/tests/test_config.py b/src/tests/system/tests/test_config.py deleted file mode 100644 index b4a522a05ee..00000000000 --- a/src/tests/system/tests/test_config.py +++ /dev/null 
@@ -1,172 +0,0 @@ -""" -SSSD Configuration-related Test Cases - -:requirement: IDM-SSSD-REQ: Configuration merging -""" - -from __future__ import annotations - -import pytest -from sssd_test_framework.roles.client import Client -from sssd_test_framework.topology import KnownTopologyGroup - - -@pytest.mark.importance("critical") -@pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_config__change_config_while_sssd_running(client: Client): - """ - :title: Re-generate config while SSSD is running - :setup: - 1. In pam domain set "debug_level" to 9 - 2. Start SSSD - :steps: - 1. Check that "debug_level" in pam domain is 9 - 2. Change "debug_level" in pam to 1 - 3. Apply config changes - 4. Call "sssd --genconf" - 5. Check that "debug_level" in pam is 1 - :expectedresults: - 1. "debug_level" is set to 9 - 2. "debug_level" is changed successfully - 3. Changes are apllied successfully - 4. "sssd --genconf" is called successfully - 5. "debug_level" is set to 1 - :customerscenario: False - """ - client.sssd.pam["debug_level"] = "9" - client.sssd.start() - - result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=pam,cn=config") - assert result["cn=pam,cn=config"]["debug_level"] == ["9"] - - client.sssd.pam["debug_level"] = "1" - client.sssd.config_apply() - client.sssd.genconf() - - result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=pam,cn=config") - assert result["cn=pam,cn=config"]["debug_level"] == ["1"] - - -@pytest.mark.importance("critical") -@pytest.mark.config -@pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_config__genconf_particular_section(client: Client): - """ - :title: Re-generate only particular section in config while SSSD is running - :setup: - 1. In pam domain set "debug_level" to 9 - 2. In nss domain set "debug_level" to 9 - 3. Start SSSD - :steps: - 1. Check that "debug_level" in pam domain is 9 - 2. Check that "debug_level" in nss domain is 9 - 3. Change "debug_level" in pam and in nss to 1 - 4. 
Apply config changes - 5. Call "sssd --genconf-section==pam" - 6. Check that "debug_level" in pam is 1 - 7. Check that "debug_level" in nss remained 9 - :expectedresults: - 1. "debug_level" is set to 9 - 2. "debug_level" is set to 9 - 3. "debug_level" is changed successfully - 4. Changes are apllied successfully - 5. "sssd --genconf-section==pam" is called successfully - 6. "debug_level" in pam is 1 - 7. "debug_level" in nss remains 9 - :customerscenario: False - """ - client.sssd.pam["debug_level"] = "9" - client.sssd.nss["debug_level"] = "9" - client.sssd.start() - - result = client.ldb.search("/var/lib/sss/db/config.ldb") - assert result["cn=pam,cn=config"]["debug_level"] == ["9"] - assert result["cn=nss,cn=config"]["debug_level"] == ["9"] - - client.sssd.pam["debug_level"] = "1" - client.sssd.nss["debug_level"] = "1" - client.sssd.config_apply() - - client.sssd.genconf("pam") - - result = client.ldb.search("/var/lib/sss/db/config.ldb") - assert result["cn=pam,cn=config"]["debug_level"] == ["1"] - assert result["cn=nss,cn=config"]["debug_level"] == ["9"] - - -@pytest.mark.importance("critical") -@pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_config__add_remove_section(client: Client): - """ - :title: Add and remove new section to config file - with --genconf-section while SSSD is running - :setup: - 1. In pam domain set "debug_level" to 9 - 2. In nss domain set "debug_level" to 9 - 3. Start SSSD - :steps: - 1. Check that "debug_level" in pam and nss is 9 - 2. Add new section to config with key, value pair set - 3. Apply config changes - 4. Call "sssd --genconf-section==$newSection" - 5. Check that the new section is properly set - 6. Remove new section - 7. Call "sssd --genconf-section==$newSection" - 8. Check that the new section was deleted - 9. Check that "debug_level" in pam and nss is 9 - :expectedresults: - 1. "debug_level" is set to 9 in both domains - 2. Added successfully - 3. New configuration was written - 4. 
Changes are applied successfully - 5. "sssd --genconf-section==$newSection" is called successfully - 6. New section is removed successfully - 7. "sssd --genconf-section==$newSection" is called successfully - 8. New section was deleted correctly - 9. "debug_level" in pam and nss remained 9 - :customerscenario: False - """ - client.sssd.pam["debug_level"] = "9" - client.sssd.nss["debug_level"] = "9" - client.sssd.start() - - result = client.ldb.search("/var/lib/sss/db/config.ldb") - assert result["cn=pam,cn=config"]["debug_level"] == ["9"] - assert result["cn=nss,cn=config"]["debug_level"] == ["9"] - - client.sssd.config["new_section"] = {"key": "value"} - client.sssd.config_apply(check_config=False) - client.sssd.genconf("new_section") - - result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=new_section,cn=config") - assert result["cn=new_section,cn=config"]["key"] == ["value"] - - del client.sssd.config["new_section"] - - client.sssd.config_apply() - client.sssd.genconf("new_section") - - result = client.ldb.search("/var/lib/sss/db/config.ldb") - assert result["cn=pam,cn=config"]["debug_level"] == ["9"] - assert result["cn=nss,cn=config"]["debug_level"] == ["9"] - with pytest.raises(KeyError): - assert result["cn=new_section,cn=config"]["key"] != ["value"] - - -@pytest.mark.importance("critical") -@pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_config__genconf_no_such_section(client: Client): - """ - :title: genconf-section with nonexisting section did not fail - :setup: - 1. Start SSSD - :steps: - 1. Call 'sssd --genconf-section=$nonexistingSection' - :expectedresults: - 1. Call did not fail - :customerscenario: False - """ - client.sssd.start() - result = client.sssd.genconf("nonexistingSection") - assert result.rc == 0 - assert not result.stderr diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c index 6290da8ce9b..450d8150d7a 100644 --- a/src/util/sss_ini.c +++ b/src/util/sss_ini.c 
@@ -424,14 +424,6 @@ int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx, size_t ldif_len = 0; size_t attr_len; struct value_obj *obj = NULL; - bool section_handled = true; - - if (only_section != NULL) { - /* If the section is specified, we must handle it, either by adding - * its contents or by deleting the section if it doesn't exist - */ - section_handled = false; - } tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { @@ -460,11 +452,6 @@ int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx, if (strcasecmp(only_section, sections[i])) { DEBUG(SSSDBG_TRACE_FUNC, "Skipping section %s\n", sections[i]); continue; - } else { - /* Mark the requested section as handled so that we don't - * try to re-add it later - */ - section_handled = true; } } @@ -554,39 +541,6 @@ int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx, talloc_free(dn); } - - if (only_section != NULL && section_handled == false) { - /* If only a single section was supposed to be - * handled, but it wasn't found in the INI file, - * create an LDIF that would remove the section - */ - ret = parse_section(tmp_ctx, only_section, &sec_dn, NULL); - if (ret != EOK) { - goto error; - } - - dn = talloc_asprintf(tmp_ctx, - "dn: %s,cn=config\n" - "changetype: delete\n\n", - sec_dn); - if (dn == NULL) { - ret = ENOMEM; - goto error; - } - dn_size = strlen(dn); - - tmp_ldif = talloc_realloc(mem_ctx, ldif, char, - ldif_len+dn_size+1); - if (!tmp_ldif) { - ret = ENOMEM; - goto error; - } - - ldif = tmp_ldif; - memcpy(ldif+ldif_len, dn, dn_size); - ldif_len += dn_size; - } - if (ldif == NULL) { ret = ERR_INI_EMPTY_CONFIG; goto error;