On Tue, Apr 22, 2014 at 05:12:58PM +0200, Jan Pazdziora wrote:
> On Tue, Apr 22, 2014 at 02:21:58PM +0000, Simo Sorce wrote:
>>> Also, this approach wouldn't work well with respect to multiple domains
>>> with different schemas.
>>>
>>> Jan's proposal, which I like, was to change the ldap_user_extra
>>> attribute syntax from:
>>> ldap_user_extra_attrs = ldap_attr_name1, ldap_attr_name2
>>>
>>> to:
>>> ldap_user_extra_attrs = ldap_attr_name1:sysdb_attr_name1,
ldap_attr_name2:sysdb_attr_name2
>>>
>>> The sysdb_attr_name would not be mandatory, if the sysdb name was omitted,
>>> then the back end would save the attribute verbatim.
>>>
>>> If there was a conflict between the name the user chose (or the original
>>> LDAP attribute name), the SSSD would throw an error.
>> I like this a lot, please do it.
>>
>> Although I wonder, should the order be the reverse ?
>> I think of it as assignments so mentally I would visualize them as:
>> ldap_user_extra_attrs = internal_name_1:ldap_name_1, internal_name_2:ldap_name_2
> How about
>
> ldap_user_extra_attrs = internal_name_1=ldap_name_1, internal_name_2=ldap_name_2
>
> then?
I need to check if this would fly well with libini which uses '=' as the
key/value separator.
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
INI looks only for the first occurrence of the "=" so the syntax would
be fine but I prefer ":" anyways.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.