diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-31 10:59:43 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-06-03 11:31:59 +0200 |
| commit | 2969084519478a5ad75ba44d6039941216a7572c (patch) | |
| tree | e0c1f6f660a50f2b46dda982aec779e5fc4d2203 /src/man | |
| parent | 7f42b25ce49b818b534015d078bd51ee612c465c (diff) | |
| download | sssd-2969084519478a5ad75ba44d6039941216a7572c.tar.gz sssd-2969084519478a5ad75ba44d6039941216a7572c.tar.xz sssd-2969084519478a5ad75ba44d6039941216a7572c.zip | |
LDAP: Make it possible to extend an attribute map
https://fedorahosted.org/sssd/ticket/2073
This commit adds a new option ldap_user_extra_attrs that is unset by
default. When set, the option contains a list of LDAP attributes the LDAP
provider would download and store in addition to the usual set.
The list can either contain LDAP attribute names only, or colon-separated
tuples of LDAP attribute and SSSD cache attribute name. In case only LDAP
attribute name is specified, the attribute is saved to the cache verbatim.
Using a custom SSSD attribute name might be required by environments that
configure several SSSD domains with different LDAP schemas.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/man')
| -rw-r--r-- | src/man/sssd-ldap.5.xml | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 06511d202..6306b2619 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -616,6 +616,54 @@ </listitem> </varlistentry> + <varlistentry> + <term>ldap_user_extra_attrs (string)</term> + <listitem> + <para> + Comma-separated list of LDAP attributes that SSSD + would fetch along with the usual set of user + attributes. + </para> + <para> + The list can either contain LDAP attribute names + only, or colon-separated tuples of SSSD cache + attribute name and LDAP attribute name. In + case only LDAP attribute name is specified, + the attribute is saved to the cache verbatim. + Using a custom SSSD attribute name might be + required by environments that configure several + SSSD domains with different LDAP schemas. + </para> + <para> + Please note that several attribute names are + reserved by SSSD, notably the <quote>name</quote> + attribute. SSSD would report an error if any of + the reserved attribute names is used as an extra + attribute name. + </para> + <para> + Examples: + </para> + <para> + ldap_user_extra_attrs = telephoneNumber + </para> + <para> + Save the <quote>telephoneNumber</quote> attribute from LDAP + as <quote>telephoneNumber</quote> to the cache. + </para> + <para> + ldap_user_extra_attrs = phone:telephoneNumber + </para> + <para> + Save the <quote>telephoneNumber</quote> attribute from LDAP + as <quote>phone</quote> to the cache. + </para> + <para> + Default: not set + </para> + </listitem> + </varlistentry> + <varlistentry condition="with_ssh"> <term>ldap_user_ssh_public_key (string)</term> <listitem> |