URL: https://github.com/SSSD/sssd/pull/21 Title: #21: IFP: expose user and group unique IDs through DBus
tequeter commented: """
I considered using the gid provided by SSSD for that purpose (but it is not guaranteed to be consistent on all computers, from sssd-ldap(5)/ID MAPPING),
Could you quote please?
From sssd-ldap(5):
NOTE: It is possible to encounter collisions in the hash and subsequent modulus. In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice).
The customer will be performing authorization at application level by matching the group identifiers to identifiers "well known" to the application. Thus they must have a value guaranteed to be identical everywhere.
In that regard GUIDs seem rock-solid, while hashed values sound more leaving a ticking bomb behind me (new domains, mergers etc.)
As for ```user_attributes```: it's not available for groups, only for users. It would have fit the bill perfectly otherwise. """
See the full comment at https://github.com/SSSD/sssd/pull/21#issuecomment-247951686