On Thu, May 28, 2015 at 11:30:34AM +0200, Jakub Hrozek wrote:
> On Thu, May 28, 2015 at 11:23:23AM +0200, Pavel Reichl wrote:
>>
>> On 05/28/2015 10:34 AM, Jakub Hrozek wrote:
>>> On Wed, May 27, 2015 at 08:00:44PM +0200, Pavel Reichl wrote:
>>>> Hello,
>>>>
>>>> please see design page for simple - RFE: Do not always override home
>>>> directory with subdomain_homedir value in server mode.
>>>>
>>>>
https://fedorahosted.org/sssd/wiki/DesignDocs/use_AD_homedir
>>>>
>>>>
**************************************************************************
>>>>
**************************************************************************
>>>>
**************************************************************************
>>>>
>>>> = Do not always override home directory with subdomain_homedir value in
>>>> server mode =
>>>>
>>>> Related ticket(s):
>>>> *
https://fedorahosted.org/sssd/ticket/2583
>>>>
>>>> === Problem statement ===
>>>> Prior to sssd 1.12, we didn't have the ability to read home directory
values
>>> >from AD in AD-IPA trust setups at all. Instead, we always used the
>>>> `subdomain_homedir` value. We can read custom LDAP values now, but in
order
>>>> to stay backwards-compatible, we kept using the `subdomain_homedir`
value.
>>>>
>>>> === Use cases ===
>>>> Users from AD with POSIX attributes want to use individually set value
for
>>>> home directory.
>>>>
>>>> === Overview of the solution ===
>>>> `subdomain_homedir` for SSSD in server mode should support '%o'
template
>>>> expansion (The original home directory retrieved from the identity
>>>> provider). In case when `subdomain_homedir` would be expanded to an
empty
>>>> string ('subdomain_homedir=%o' and AD user without POSIX
attributes) SSSD
>>>> should not error out but `fallback_homedir` should be utilized instead.
>>> Are you proposing to change the default of subdomain_homedir from
/home/%d/%u
>>> to /home/%o as well? I think we can do that in a major release if we
>>> properly document the change, but I think then fallback_homedir in IPA
>>> server mode should be changed to /home/%d/%u at the same time.
>> No I'm not proposing such change. But I like it and I can add it do design
>> page and implement it.
> Let's discuss it on the meeting today (and then circle back to the list
> so everything is recorded)
As long as this only relates to SSSD in ipa-server-mode we can use the
type of the idranges to switch the default of subdomain_homedir?
I am sorry I
don't follow. Could you please elaborate on how we can
switch the default of subdomain_homedir based on type of the id ranges?
Thanks!
bye,
Sumit
>> I would do that in a separate patch so we can delay
>> release of this change for a major release as you proposed. Does this work
>> for you?
> By major release I mean 1.13 :-) But yes, this should be a separate
> change.
> _______________________________________________
> sssd-devel mailing list
> sssd-devel(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel