On Tue, Jan 29, 2013 at 10:50:02PM +0200, Alexander Bokovoy wrote:
And here I'm coming to grave error in the SSSD code: the name of
explicit mapping file contains non-filtered domain name, which contains
dot. krb5.conf manual page states that includedir allows to source all
files which names are constructed from alpha-numeric chars, dashes and
underscores.
Files with other characters are ignored. So dots as in
domain_realm_example.com are ignored and our mapping is never sourced.
For IDN domains we also will need to transform the name into its
Punycode (RFC3492) to avoid breaking out of alpha-numeric space.
I'd suggest replacing dots with underscores.
Please file a ticket