On Tue, Apr 22, 2014 at 02:21:58PM +0000, Simo Sorce wrote:
> > Also, this approach wouldn't work well with respect to multiple domains
> > with different schemas.
> >
> > Jan's proposal, which I like, was to change the ldap_user_extra
> > attribute syntax from:
> > ldap_user_extra_attrs = ldap_attr_name1, ldap_attr_name2
> >
> > to:
> > ldap_user_extra_attrs = ldap_attr_name1:sysdb_attr_name1,
> > ldap_attr_name2:sysdb_attr_name2
> >
> > The sysdb_attr_name would not be mandatory, if the sysdb name was omitted,
> > then the back end would save the attribute verbatim.
> >
> > If there was a conflict between the name the user chose (or the original
> > LDAP attribute name), the SSSD would throw an error.
>
> I like this a lot, please do it.
>
> Although I wonder, should the order be the reverse ?
> I think of it as assignments so mentally I would visualize them as:
> ldap_user_extra_attrs = internal_name_1:ldap_name_1,
> internal_name_2:ldap_name_2
How about
ldap_user_extra_attrs = internal_name_1=ldap_name_1,
internal_name_2=ldap_name_2
then?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
