From 426ba2686f3b255f676132d97030b4e837eb1138 Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Tue, 8 Apr 2025 14:26:48 +1000
Subject: [PATCH] fix: throw errors when users will not be able to auth

---
 unix_integration/common/src/unix_config.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/unix_integration/common/src/unix_config.rs b/unix_integration/common/src/unix_config.rs
index e47224635..09dd7d069 100644
--- a/unix_integration/common/src/unix_config.rs
+++ b/unix_integration/common/src/unix_config.rs
@@ -458,6 +458,16 @@ impl UnixdConfig {
 
     fn apply_from_config_v2(self, config: ConfigV2) -> Result<Self, UnixIntegrationError> {
         let kanidm_config = if let Some(kconfig) = config.kanidm {
+            match &kconfig.pam_allowed_login_groups {
+                None => {
+                    error!("You have a 'kanidm' section in the config but an empty pam_allowed_login_groups set. USERS CANNOT AUTH.")
+                }
+                Some(groups) => {
+                    if groups.is_empty() {
+                        error!("You have a 'kanidm' section in the config but an empty pam_allowed_login_groups set. USERS CANNOT AUTH.");
+                    }
+                }
+            }
             Some(KanidmConfig {
                 conn_timeout: kconfig.conn_timeout.unwrap_or(DEFAULT_CONN_TIMEOUT),
                 request_timeout: kconfig.request_timeout.unwrap_or(DEFAULT_CONN_TIMEOUT * 2),
@@ -465,6 +475,9 @@ impl UnixdConfig {
                 map_group: kconfig.map_group,
             })
         } else {
+            error!(
+                "You are using a version 2 config without a 'kanidm' section. USERS CANNOT AUTH."
+            );
             None
         };