On Tue, Apr 22, 2014 at 05:12:58PM +0200, Jan Pazdziora wrote: > On Tue, Apr 22, 2014 at 02:21:58PM +0000, Simo Sorce wrote: > > > Also, this approach wouldn't work well with respect to multiple domains > > > with different schemas. > > > > > > Jan's proposal, which I like, was to change the ldap_user_extra > > > attribute syntax from: > > > ldap_user_extra_attrs = ldap_attr_name1, ldap_attr_name2 > > > > > > to: > > > ldap_user_extra_attrs = ldap_attr_name1:sysdb_attr_name1, > > > ldap_attr_name2:sysdb_attr_name2 > > > > > > The sysdb_attr_name would not be mandatory, if the sysdb name was omitted, > > > then the back end would save the attribute verbatim. > > > > > > If there was a conflict between the name the user chose (or the original > > > LDAP attribute name), the SSSD would throw an error. > > > > I like this a lot, please do it. > > > > Although I wonder, should the order be the reverse ? > > I think of it as assignments so mentally I would visualize them as: > > ldap_user_extra_attrs = internal_name_1:ldap_name_1, > > internal_name_2:ldap_name_2 > > How about > > ldap_user_extra_attrs = internal_name_1=ldap_name_1, > internal_name_2=ldap_name_2 > > then?
I need to check if this would fly well with libini which uses '=' as the key/value separator. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
