Title: #21: IFP: expose user and group unique IDs through DBus
> > I considered using the gid provided by SSSD for that purpose (but it is not
> > guaranteed to be consistent on all computers, from sssd-ldap(5)/ID MAPPING),
> Could you quote please?
> NOTE: It is possible to encounter collisions in the hash and subsequent
> modulus. In these situations, we will select the next available slice, but it
> may not be possible to reproduce the same exact set of slices on other
> machines (since the order that they are encountered will determine their
The customer will be performing authorization at application level by matching
the group identifiers to identifiers "well known" to the application. Thus they
must have a value guaranteed to be identical everywhere.
In that regard GUIDs seem rock-solid, while hashed values sound more leaving a
ticking bomb behind me (new domains, mergers etc.)
As for ```user_attributes```: it's not available for groups, only for users. It
would have fit the bill perfectly otherwise.
See the full comment at
sssd-devel mailing list -- firstname.lastname@example.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org