URL:
https://github.com/SSSD/sssd/pull/21
Title: #21: IFP: expose user and group unique IDs through DBus
tequeter commented:
"""
> I considered using the gid provided by SSSD for that purpose (but it is not
> guaranteed to be consistent on all computers, from sssd-ldap(5)/ID MAPPING),
Could you quote please?
From sssd-ldap(5):
NOTE: It is possible to encounter collisions in the hash and
subsequent modulus. In these situations, we will select the next available slice, but it
may not be possible to reproduce the same exact set of slices on other machines (since the
order that they are encountered will determine their slice).
The customer will be performing authorization at application level by matching the group
identifiers to identifiers "well known" to the application. Thus they must have
a value guaranteed to be identical everywhere.
In that regard GUIDs seem rock-solid, while hashed values sound more like leaving a ticking
bomb behind me (new domains, mergers, etc.).
As for `user_attributes`: it's not available for groups, only for users. It would
have fit the bill perfectly otherwise.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/21#issuecomment-247951686
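
Added example (not part of the comment above and not SSSD's code): a simplified model of the slice selection described in the quoted sssd-ldap(5) note, showing that two machines which encounter the same colliding domains in a different order derive different GIDs for the same group. The CRC32 stand-in hash, the range constants, the wrap-around probing and the domain SIDs are assumptions constructed for the illustration.

```python
import zlib

# Assumed parameters, chosen for the illustration (not SSSD's defaults).
RANGE_MIN = 200000
SLICE_SIZE = 200000
NUM_SLICES = 4

def preferred_slice(domain_sid, num_slices=NUM_SLICES):
    # CRC32 is a stand-in hash; only "hash, then modulus" matters here.
    return zlib.crc32(domain_sid.encode()) % num_slices

def assign_slices(domain_sids, num_slices=NUM_SLICES):
    """Give each domain a slice in the order the domains are encountered."""
    owner = {}   # slice index -> domain SID
    result = {}  # domain SID -> slice index
    for sid in domain_sids:
        if sid in result:
            continue
        start = preferred_slice(sid, num_slices)
        for step in range(num_slices):
            candidate = (start + step) % num_slices  # next available slice
            if candidate not in owner:
                owner[candidate] = sid
                result[sid] = candidate
                break
        else:
            raise RuntimeError("no free slice left for " + sid)
    return result

def posix_id(slices, domain_sid, rid):
    """ID derived from the domain's slice plus the object's RID."""
    if not 0 <= rid < SLICE_SIZE:
        raise ValueError("RID does not fit in one slice")
    return RANGE_MIN + slices[domain_sid] * SLICE_SIZE + rid

def colliding_pair(num_slices=NUM_SLICES):
    """Return two constructed domain SIDs that hash to the same slice."""
    seen = {}
    for n in range(num_slices + 1):  # pigeonhole: a collision must occur
        sid = f"S-1-5-21-1000-2000-{3000 + n}"  # constructed, not real
        slot = preferred_slice(sid, num_slices)
        if slot in seen:
            return seen[slot], sid
        seen[slot] = sid

if __name__ == "__main__":
    dom_a, dom_b = colliding_pair()
    for order in ([dom_a, dom_b], [dom_b, dom_a]):
        gid = posix_id(assign_slices(order), dom_a, 1105)
        print(order, "-> GID of", dom_a + "-1105", "=", gid)
```

The group's SID string (`dom_a` plus RID 1105) is the same in both runs, while the derived GID is not; that is the property an application-level authorization check depends on.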