Skip to content

sssd: add ldb-modules-path#8116

Merged
alexey-tikhonov merged 1 commit intoSSSD:masterfrom
liberodark:lbd
Nov 5, 2025
Merged

sssd: add ldb-modules-path#8116
alexey-tikhonov merged 1 commit intoSSSD:masterfrom
liberodark:lbd

Conversation

@liberodark
Copy link
Contributor

@liberodark liberodark commented Sep 27, 2025
edited
Loading

Hi,

This PR adds a configure option to specify LDB modules path at build time:
./configure --with-ldb-modules-path="/custom/path1:/custom/path2"

This fixes the "Module [memberof] not found" issue that occurs when LDB modules are installed in non-standard locations. Instead of requiring each distribution to maintain their own patch, this provides a standard way to handle different installation paths.

The implementation:

  • Adds the configure option via WITH_LDB_MODULES_PATH macro
  • Sets LDB_MODULES_PATH once during initialization
  • Respects any pre-existing environment variable (uses setenv with overwrite=0)

:packaging: Add --with-ldb-modules-path=PATH configure option to specify LDB modules path at build time.

Best regards

@liberodark liberodark marked this pull request as draft September 27, 2025 13:06
gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 27, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a mechanism to override the LDB modules path at build time via a configure option. The implementation is mostly correct, but the core logic in sss_ldb_init_modules_path has a potential thread-safety issue and uses fprintf to stderr for error reporting, which is not suitable for daemonized processes. I've provided a suggestion to address these points by using an atomic flag for initialization and the SSSD logging infrastructure for error messages.

@liberodark liberodark force-pushed the lbd branch 2 times, most recently from 286911b to 1535eb1 Compare September 27, 2025 13:18
@liberodark liberodark marked this pull request as ready for review September 27, 2025 13:19
@liberodark liberodark changed the title sssd: add lbd module path sssd: add ldb-modules-path Sep 27, 2025
@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Sep 30, 2025

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 30, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new configure option, --with-ldb-modules-path, to allow overriding the LDB_MODULES_PATH environment variable at build time. The implementation is well-structured, adding the necessary autotools macros and a new C source file to handle setting the environment variable. The logic to set the variable is correctly placed in confdb_init and is made thread-safe using an atomic_flag. My review found one high-severity issue: the implementation does not override an existing LDB_MODULES_PATH environment variable, which contradicts the documented behavior of the new option. A code suggestion has been provided to fix this.

@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Sep 30, 2025

Hi,

./configure --with-ldb-modules-path="/custom/path1:/custom/path2"
Have fix issue about that and i think this would be good adding for not making specific patch.

what is your platform / use case?

@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Sep 30, 2025
@liberodark
Copy link
Contributor Author

liberodark commented Sep 30, 2025

Hi,

./configure --with-ldb-modules-path="/custom/path1:/custom/path2"
Have fix issue about that and i think this would be good adding for not making specific patch.

what is your platform / use case?

Hi,

This is a fix that can be applied to many systems currently.
However, the problem is present on Nixos.
To avoid having to patch and have a cleaner solution, I took the time to find a clean solution for integration into SSSD directly, thus having:
--with-ldb-modules-path="${placeholder "out"}/modules/ldb:${ldb}/modules/ldb"

Best Regards

@liberodark liberodark force-pushed the lbd branch 2 times, most recently from 680781a to 074b094 Compare September 30, 2025 13:29
@liberodark
Copy link
Contributor Author

liberodark commented Sep 30, 2025

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 30, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds a new configure option --with-ldb-modules-path to override the LDB_MODULES_PATH environment variable. This is a useful feature for custom builds. The implementation is generally sound, integrating well with the autotools build system and initializing the environment variable at an appropriate point. However, I've identified a critical thread-safety issue in the new initialization logic that could lead to a race condition and undefined behavior. My review includes a detailed comment and a code suggestion to resolve this issue.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 30, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new configure option --with-ldb-modules-path to allow overriding the LDB_MODULES_PATH at build time. The changes correctly add the configure logic and call the initialization function at the right place. However, the implementation of the initialization function has a critical flaw that prevents it from working as intended, and it is also not thread-safe. My review includes a suggestion to fix both issues.

alexey-tikhonov
alexey-tikhonov reviewed Oct 1, 2025
View reviewed changes
alexey-tikhonov
alexey-tikhonov reviewed Oct 1, 2025
View reviewed changes
@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Oct 1, 2025

Please add a :packaging: release note to the commit message.
See

sssd/.git-commit-template

Line 15 in 481700d

# :packaging: Packaging change description.

@alexey-tikhonov alexey-tikhonov self-assigned this Oct 1, 2025
alexey-tikhonov
alexey-tikhonov reviewed Oct 1, 2025
View reviewed changes
@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Oct 1, 2025

:packaging: Add --with-ldb-modules-path=PATH configure option to specify LDB modules path at build time.

Thank you. But this should be included directly into commit message (not merely in the github PR description) - project has an automation to generate release notes automatically from git history.

@liberodark
Copy link
Contributor Author

liberodark commented Oct 1, 2025

:packaging: Add --with-ldb-modules-path=PATH configure option to specify LDB modules path at build time.

Thank you. But this should be included directly into commit message (not merely in the github PR description) - project has an automation to generate release notes automatically from git history.

Hi,

Sorry I misunderstood, I'll correct that.

Best Regards

@alexey-tikhonov alexey-tikhonov added Waiting for review coverity Trigger a coverity scan and removed coverity Trigger a coverity scan labels Oct 1, 2025
@sumit-bose
Copy link
Contributor

sumit-bose commented Oct 2, 2025

Hi,

./configure --with-ldb-modules-path="/custom/path1:/custom/path2"
Have fix issue about that and i think this would be good adding for not making specific patch.

what is your platform / use case?

Hi,

This is a fix that can be applied to many systems currently. However, the problem is present on Nixos. To avoid having to patch and have a cleaner solution, I took the time to find a clean solution for integration into SSSD directly, thus having: --with-ldb-modules-path="${placeholder "out"}/modules/ldb:${ldb}/modules/ldb"

Best Regards

Hi,

would something like ldbmoddir="$PKG_CONFIG --variable=modulesdir ldb" or similar in a configure m4 file work as well to automatically discover the modules paths of the platform?

bye,
Sumit

@liberodark
Copy link
Contributor Author

liberodark commented Oct 2, 2025

Hi,

./configure --with-ldb-modules-path="/custom/path1:/custom/path2"
Have fix issue about that and i think this would be good adding for not making specific patch.

what is your platform / use case?

Hi,
This is a fix that can be applied to many systems currently. However, the problem is present on Nixos. To avoid having to patch and have a cleaner solution, I took the time to find a clean solution for integration into SSSD directly, thus having: --with-ldb-modules-path="${placeholder "out"}/modules/ldb:${ldb}/modules/ldb"
Best Regards

Hi,

would something like ldbmoddir="$PKG_CONFIG --variable=modulesdir ldb" or similar in a configure m4 file work as well to automatically discover the modules paths of the platform?

bye, Sumit

Hi,

In nixOS build-time path from pkg-config would differ from the runtime path due to store-based packaging.
But is good suggestion.
My approach is more global to avoid making specific cases.

Best Regards

@sumit-bose
Copy link
Contributor

sumit-bose commented Oct 6, 2025

Hi,

In nixOS build-time path from pkg-config would differ from the runtime path due to store-based packaging. But is good suggestion. My approach is more global to avoid making specific cases.

Hi,

thanks for the explanation. It would be nice if nixOS developers would consider to fix this so that pkg-config and similar tools can show proper run-time paths, where needed. But let's continue with your approach for the time being.

bye,
Sumit

Best Regards

sumit-bose
sumit-bose reviewed Oct 6, 2025
View reviewed changes
sumit-bose
sumit-bose reviewed Oct 6, 2025
View reviewed changes
@liberodark
Copy link
Contributor Author

liberodark commented Oct 7, 2025

Hi,
In nixOS build-time path from pkg-config would differ from the runtime path due to store-based packaging. But is good suggestion. My approach is more global to avoid making specific cases.

Hi,

thanks for the explanation. It would be nice if nixOS developers would consider to fix this so that pkg-config and similar tools can show proper run-time paths, where needed. But let's continue with your approach for the time being.

bye, Sumit

Best Regards

Hi,

I'll take the time to look into it, but I don't think the two are incompatible.

Best Regards

@liberodark
Copy link
Contributor Author

liberodark commented Oct 16, 2025

Hi, @sumit-bose

Sorry for the delay in updating.

Best Regards

sumit-bose
sumit-bose approved these changes Oct 17, 2025
View reviewed changes
Copy link
Contributor

@sumit-bose sumit-bose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

thank you for the updates, I have no further comments, ACK.

bye,
Sumit

@alexey-tikhonov alexey-tikhonov added the coverity Trigger a coverity scan label Oct 17, 2025
@pbrezina pbrezina force-pushed the master branch 2 times, most recently from f5d64b3 to b854636 Compare November 4, 2025 14:27
@alexey-tikhonov alexey-tikhonov removed the coverity Trigger a coverity scan label Nov 5, 2025
@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Nov 5, 2025

Note: Covscan is green.

@liberodark @sssd-bot
confdb: Add --with-ldb-modules-path configure option
43119ab 
Add configure option to specify LDB modules path at build time.
This allows distributions to set the correct path when LDB modules
are installed in non-standard locations.

The path is set once during confdb initialization if configured,
respecting any pre-existing LDB_MODULES_PATH environment variable.

:packaging: Add --with-ldb-modules-path=PATH configure option to specify LDB modules path at build time.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
@sssd-bot
Copy link
Contributor

sssd-bot commented Nov 5, 2025

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

🟢 CodeFactor (success)
🟢 CodeQL (success)
NEUTRAL osh-diff-scan:fedora-rawhide-x86_64:upstream (neutral)
🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-41-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)
🟢 Analyze (target) / All tests are successful (success)
🟢 Analyze (target) / cppcheck (success)
🟢 Build / freebsd (success)
🟢 Build / make-distcheck (success)
🔴 ci / All tests are successful (failure)
🟢 ci / intgcheck (centos-10) (success)
🟢 ci / intgcheck (fedora-41) (success)
🟢 ci / intgcheck (fedora-42) (success)
🔴 ci / intgcheck (fedora-43) (failure)
🟢 ci / intgcheck (fedora-44) (success)
🟢 ci / prepare (success)
🟢 ci / system (centos-10) (success)
🟢 ci / system (fedora-41) (success)
🟢 ci / system (fedora-42) (success)
🟢 ci / system (fedora-43) (success)
🟢 ci / system (fedora-44) (success)
➖ Coverity scan / coverity (skipped)
🟢 Static code analysis / All tests are successful (success)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

@alexey-tikhonov alexey-tikhonov merged commit 7a903e8 into SSSD:master Nov 5, 2025
9 of 25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sumit-bose sumit-bose sumit-bose approved these changes

@alexey-tikhonov alexey-tikhonov alexey-tikhonov approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@sumit-bose sumit-bose

@alexey-tikhonov alexey-tikhonov

Labels

Accepted no-backport This should go to target branch only.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@liberodark @alexey-tikhonov @sumit-bose @sssd-bot