Hi All,
When SSSD is configured for proxy id_provider and a user is enumerated, GECOS field is populated with the ldap server's "cn" attribute.
# getent -s sss passwd puser1
puser1:*:1001:1001:Posix User1:/export/puser1:/bin/bash
However, if SSSD is configured for ldap id_provider and the same user is enumerated, the GECOS field remains empty.
# getent -s sss passwd puser1
puser1:*:1001:1001::/export/puser1:/bin/bash
It looks like nss_ldap switched to defaulting to using 'cn' for the gecos mapping. Perhaps SSSD should do the same?
Best regards, Shanks
On 10/27/2010 08:48 AM, Gowrishankar Rajaiyan wrote:
> Hi All,
> When SSSD is configured for proxy id_provider and a user is enumerated, GECOS field is populated with the ldap server's "cn" attribute.
> # getent -s sss passwd puser1
> puser1:*:1001:1001:Posix User1:/export/puser1:/bin/bash
> However, if SSSD is configured for ldap id_provider and the same user is enumerated, the GECOS field remains empty.
> # getent -s sss passwd puser1
> puser1:*:1001:1001::/export/puser1:/bin/bash
> It looks like nss_ldap switched to defaulting to using 'cn' for the gecos mapping. Perhaps SSSD should do the same?
I'm a bit wary of changing the default for this on an upgrade. If we decide to make this switch, we need to do so very loudly, so deployments that are expecting "gecos" know that they'll need to set it explicitly.
-- Stephen Gallagher RHCE 804006346421761
On Wed, 27 Oct 2010 09:11:00 -0400 Stephen Gallagher sgallagh@redhat.com wrote:
> On 10/27/2010 08:48 AM, Gowrishankar Rajaiyan wrote:
> > Hi All,
> > When SSSD is configured for proxy id_provider and a user is enumerated, GECOS field is populated with the ldap server's "cn" attribute.
> > # getent -s sss passwd puser1
> > puser1:*:1001:1001:Posix User1:/export/puser1:/bin/bash
> > However, if SSSD is configured for ldap id_provider and the same user is enumerated, the GECOS field remains empty.
> > # getent -s sss passwd puser1
> > puser1:*:1001:1001::/export/puser1:/bin/bash
> > It looks like nss_ldap switched to defaulting to using 'cn' for the gecos mapping. Perhaps SSSD should do the same?
> I'm a bit wary of changing the default for this on an upgrade. If we decide to make this switch, we need to do so very loudly, so deployments that are expecting "gecos" know that they'll need to set it explicitly.
I think changing the option is simple enough for those that want to change it. I think that gecos should stay the default for the "gecos" field.
Simo.
sssd-devel@lists.fedorahosted.org
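An added example, not part of the thread or of SSSD itself: a small audit that lists which ldap id_provider domains in an sssd.conf set the GECOS mapping explicitly and which rely on the built-in default, the deployments a default change would affect. It assumes the `ldap_user_gecos` option documented in sssd-ldap(5) and the "gecos" default discussed above; the sample configuration and domain names are constructed.

```python
import configparser

# Constructed sample sssd.conf; domain names are illustrative only.
SAMPLE_CONF = """
[sssd]
domains = legacy, pinned, mapped, proxied

[domain/legacy]
id_provider = ldap

[domain/pinned]
id_provider = ldap
ldap_user_gecos = gecos

[domain/mapped]
id_provider = ldap
ldap_user_gecos = cn

[domain/proxied]
id_provider = proxy
proxy_lib_name = ldap
"""

DEFAULT_GECOS_ATTR = "gecos"  # assumption: the default discussed in the thread


def audit_gecos_mapping(conf_text):
    """Return {domain: (ldap_attribute, explicit)} for each ldap id_provider domain."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    report = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        provider = parser.get(section, "id_provider", fallback="").strip().lower()
        if provider != "ldap":
            continue  # proxy domains get GECOS from the proxied NSS library instead
        attr = parser.get(section, "ldap_user_gecos", fallback=None)
        report[section.split("/", 1)[1]] = (attr or DEFAULT_GECOS_ATTR, attr is not None)
    return report


def relies_on_default(conf_text):
    """Domains whose GECOS source would change if the built-in default changed."""
    report = audit_gecos_mapping(conf_text)
    return sorted(d for d, (_, explicit) in report.items() if not explicit)


if __name__ == "__main__":
    for domain, (attr, explicit) in sorted(audit_gecos_mapping(SAMPLE_CONF).items()):
        print(f"{domain}: gecos <- {attr} ({'explicit' if explicit else 'default'})")
```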