On Fri, Jan 29, 2016 at 05:18:06PM +0100, Sumit Bose wrote:
On Fri, Jan 29, 2016 at 04:47:04PM +0100, Bolke de Bruin wrote:
> In my setup (hello Hadoop!) I have the requirement to simplify user names from a
> trusted domain (AD -> FreeIPA -> sssd)
> so they don’t contain “@”. Furthermore, “id username” needs to return information.
> Thus bolke@ad.local needs to become bolke (or
> bolke_ad_local). And “id -Gn bolke” needs
> to return my group memberships.
If it is only about the '@' sign I would recommend to use the sssd
options full_name_format and re_expression.
full_name_format defines how the name returned e.g. by getent passwd or id
looks like. E.g. with
full_name_format = %1$s_%2$s
the name is returned as 'bolke_ad.local' or with
full_name_format = %1$s_%3$s
the name is returned as 'bolke_ad' if 'ad' is the NetBIOS domain name of
your AD domain. Please note that you have to remove the SSSD cache with
rm after a change of full_name_format.
re_expression tells SSSD how to parse the input and with
SSSD should be able to understand 'bolke_ad.local' or 'bolke_ad' as
input as well.
You can find more details about the options in the sssd.conf man page.
I would just add that shortnames (that is, if you used only
full_name_format=$1) would probably not work as tracked in:
Unfortunately this is not so easy to fix until we finish some pending
changes to our internal database..
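
An added example, not part of the original thread and not SSSD code: a small Python check that every name rendered by a full_name_format is parsed back to the same user and domain by a candidate re_expression, which is what keeps a login name from being attributed to the wrong account or domain. The two patterns, the sample account names and the helper names are assumptions made for illustration; SSSD evaluates re_expression with PCRE, so treat Python's re module here as an approximation.

```python
import re

# Constructed sample values; 'ad.local' and 'ad' follow the thread's example domain.
DOMAIN, FLAT = "ad.local", "ad"

def render(full_name_format, name, domain=DOMAIN, flat=FLAT):
    """Expand %1$s (user name), %2$s (domain name) and %3$s (flat name)."""
    args = {"1": name, "2": domain, "3": flat}
    return re.sub(r"%([123])\$s", lambda m: args[m.group(1)], full_name_format)

def parse(re_expression, text):
    """Return (name, domain) from the named groups, or None if nothing matches."""
    m = re.fullmatch(re_expression, text)
    return (m.group("name"), m.group("domain")) if m else None

def round_trip_failures(full_name_format, re_expression, names, expected_domain):
    """List (name, rendered, parsed) for names that do not survive the round trip."""
    bad = []
    for n in names:
        out = render(full_name_format, n)
        parsed = parse(re_expression, out)
        if parsed != (n, expected_domain):
            bad.append((n, out, parsed))
    return bad

# Hypothetical patterns, not the value from the original mail.
SPLIT_FIRST = r"(?P<name>[^_]+)_(?P<domain>.+)"  # splits at the first '_'
SPLIT_LAST = r"(?P<name>.+)_(?P<domain>[^_]+)"   # splits at the last '_'

# Constructed account names; the second one contains the separator itself.
USERS = ["bolke", "svc_hdfs"]

if __name__ == "__main__":
    for label, rx in (("split at first '_'", SPLIT_FIRST),
                      ("split at last '_'", SPLIT_LAST)):
        print(label, round_trip_failures("%1$s_%2$s", rx, USERS, DOMAIN))
```

Splitting at the last separator only holds while the domain part itself never contains '_', so rerun the check with the real account list and the domain or flat name in use before changing the configuration.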