On Tue, Apr 22, 2014 at 05:12:58PM +0200, Jan Pazdziora wrote:
On Tue, Apr 22, 2014 at 02:21:58PM +0000, Simo Sorce wrote:
> > Also, this approach wouldn't work well with respect to multiple domains
> > with different schemas.
> >
> > Jan's proposal, which I like, was to change the ldap_user_extra
> > attribute syntax from:
> > ldap_user_extra_attrs = ldap_attr_name1, ldap_attr_name2
> >
> > to:
> > ldap_user_extra_attrs = ldap_attr_name1:sysdb_attr_name1, ldap_attr_name2:sysdb_attr_name2
> >
> > The sysdb_attr_name would not be mandatory; if the sysdb name was omitted,
> > then the back end would save the attribute verbatim.
> >
> > If there was a conflict between the name the user chose (or the original
> > LDAP attribute name), the SSSD would throw an error.
>
> I like this a lot, please do it.
>
> Although I wonder, should the order be the reverse?
> I think of it as assignments so mentally I would visualize them as:
> ldap_user_extra_attrs = internal_name_1:ldap_name_1, internal_name_2:ldap_name_2
How about
ldap_user_extra_attrs = internal_name_1=ldap_name_1, internal_name_2=ldap_name_2
then?
I need to check if this would fly well with libini which uses '=' as the
key/value separator.
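
The `ldap_attr_name:sysdb_attr_name` form proposed in the thread, as an added Python sketch (not SSSD code and not written by anyone in the thread): it parses the option value, stores an attribute verbatim when the sysdb name is omitted, and raises on a name conflict. The reserved-name set and the case-insensitive comparison are assumptions made for the illustration.

```python
# Added illustration, not SSSD code: parses the "ldap_name:sysdb_name" form
# proposed in the thread for ldap_user_extra_attrs.

# Assumption: constructed sample of cache attribute names already in use.
RESERVED_SYSDB_NAMES = {"name", "uidNumber", "gidNumber", "homeDirectory"}


class ExtraAttrError(ValueError):
    """Malformed entry or conflicting cache attribute name."""


def parse_extra_attrs(value, reserved=RESERVED_SYSDB_NAMES):
    """Return {sysdb_name: ldap_name} for a comma-separated option value."""
    # Assumption: names are compared case-insensitively.
    taken = {n.lower() for n in reserved}
    mapping = {}
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing comma
        ldap_name, sep, sysdb_name = (p.strip() for p in entry.partition(":"))
        if not ldap_name or (sep and not sysdb_name) or ":" in sysdb_name:
            raise ExtraAttrError(f"malformed entry: {entry!r}")
        if not sep:
            # No sysdb name given: save under the LDAP name verbatim.
            sysdb_name = ldap_name
        if sysdb_name.lower() in taken:
            # Covers both a user-chosen name and a verbatim LDAP name.
            raise ExtraAttrError(f"cache attribute name conflict: {sysdb_name!r}")
        taken.add(sysdb_name.lower())
        mapping[sysdb_name] = ldap_name
    return mapping


if __name__ == "__main__":
    print(parse_extra_attrs("telephoneNumber:phone, mail"))
    for bad in ("loginShell:name", "uidNumber", "mail, otherMail:mail"):
        try:
            parse_extra_attrs(bad)
        except ExtraAttrError as exc:
            print("rejected:", exc)
```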