On 04/22/2014 11:16 AM, Jakub Hrozek wrote:
On Tue, Apr 22, 2014 at 05:12:58PM +0200, Jan Pazdziora wrote:
On Tue, Apr 22, 2014 at 02:21:58PM +0000, Simo Sorce wrote:
Also, this approach wouldn't work well with respect to multiple domains
with different schemas.
Jan's proposal, which I like, was to change the ldap_user_extra
attribute syntax from:
ldap_user_extra_attrs = ldap_attr_name1, ldap_attr_name2
to:
ldap_user_extra_attrs = ldap_attr_name1:sysdb_attr_name1,
ldap_attr_name2:sysdb_attr_name2
The sysdb_attr_name would not be mandatory, if the sysdb name was omitted,
then the back end would save the attribute verbatim.
If there was a conflict between the name the user chose (or the original
LDAP attribute name), the SSSD would throw an error.
I like this a lot, please do it.
Although I wonder, should the order be the reverse ?
I think of it as assignments so mentally I would visualize them as:
ldap_user_extra_attrs = internal_name_1:ldap_name_1, internal_name_2:ldap_name_2
How about
ldap_user_extra_attrs = internal_name_1=ldap_name_1,
internal_name_2=ldap_name_2
then?
I need to check if this would fly well with libini which uses '=' as the
key/value separator.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
INI looks only for the first occurrence of the "=" so the syntax would
be fine but I prefer ":" anyways.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
