diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-31 10:59:43 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-06-03 11:31:59 +0200 |
| commit | 2969084519478a5ad75ba44d6039941216a7572c (patch) | |
| tree | e0c1f6f660a50f2b46dda982aec779e5fc4d2203 /src/config | |
| parent | 7f42b25ce49b818b534015d078bd51ee612c465c (diff) | |
| download | sssd-2969084519478a5ad75ba44d6039941216a7572c.tar.gz sssd-2969084519478a5ad75ba44d6039941216a7572c.tar.xz sssd-2969084519478a5ad75ba44d6039941216a7572c.zip | |
LDAP: Make it possible to extend an attribute map
https://fedorahosted.org/sssd/ticket/2073
This commit adds a new option ldap_user_extra_attrs that is unset by
default. When set, the option contains a list of LDAP attributes the LDAP
provider would download and store in addition to the usual set.
The list can either contain LDAP attribute names only, or colon-separated
tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP
attribute name is specified, the attribute is saved to the cache verbatim.
Using a custom SSSD attribute name might be required by environments that
configure several SSSD domains with different LDAP schemas.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/config')
| -rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 7029f5bc1..de0348b1d 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -272,6 +272,7 @@ option_strings = { 'ldap_user_nds_login_expiration_time' : _('loginExpirationTime attribute of NDS'), 'ldap_user_nds_login_allowed_time_map' : _('loginAllowedTimeMap attribute of NDS'), 'ldap_user_ssh_public_key' : _('SSH public key attribute'), + 'ldap_user_extra_attrs' : _('A list of extra attributes to download along with the user entry'), 'ldap_group_search_base' : _('Base DN for group lookups'), # not used # 'ldap_group_search_scope' : _('Scope of group lookups'), diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 91eeadf3e..af9dfa841 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -48,6 +48,7 @@ ldap_id_mapping = bool, None, false ldap_user_search_base = str, None, false ldap_user_search_scope = str, None, false ldap_user_search_filter = str, None, false +ldap_user_extra_attrs = str, None, false ldap_user_object_class = str, None, false ldap_user_name = str, None, false ldap_user_uid_number = str, None, false |