author | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-31 10:59:43 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-05-02 13:34:50 +0200 |
commit | 4dd38025efda88f123eac672f87d3cda12f050c8 (patch) | |
tree | 438cb4577369e3fff8e7b5fe5895ad811c422f4b /src/man | |
parent | fcb8e3f1f49bb34c409d8dbd75889eb72be05517 (diff) | |
LDAP: Make it possible to extend an attribute map
https://fedorahosted.org/sssd/ticket/2073
This commit adds a new option ldap_user_extra_attrs that is unset by
default. When set, the option contains a list of LDAP attributes the LDAP
provider would download and store in addition to the usual set.
The list can either contain LDAP attribute names only, or colon-separated
tuples of LDAP attribute and SSSD cache attribute name. In case only the LDAP
attribute name is specified, the attribute is saved to the cache verbatim.
Using a custom SSSD attribute name might be required by environments that
configure several SSSD domains with different LDAP schemas.
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/man')
-rw-r--r-- | src/man/sssd-ldap.5.xml | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index f93b418c4..6426fe4fc 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -616,6 +616,54 @@ </listitem> </varlistentry> + <varlistentry> + <term>ldap_user_extra_attrs (string)</term> + <listitem> + <para> + Comma-separated list of LDAP attributes that SSSD + would fetch along with the usual set of user + attributes. + </para> + <para> + The list can either contain LDAP attribute names + only, or colon-separated tuples of SSSD cache + attribute name and LDAP attribute name. In + case only LDAP attribute name is specified, + the attribute is saved to the cache verbatim. + Using a custom SSSD attribute name might be + required by environments that configure several + SSSD domains with different LDAP schemas. + </para> + <para> + Please note that several attribute names are + reserved by SSSD, notably the <quote>name</quote> + attribute. SSSD would report an error if any of + the reserved attribute names is used as an extra + attribute name. + </para> + <para> + Examples: + </para> + <para> + ldap_user_extra_attrs = telephoneNumber + </para> + <para> + Save the <quote>telephoneNumber</quote> attribute from LDAP + as <quote>telephoneNumber</quote> to the cache. + </para> + <para> + ldap_user_extra_attrs = phone:telephoneNumber + </para> + <para> + Save the <quote>telephoneNumber</quote> attribute from LDAP + as <quote>phone</quote> to the cache. + </para> + <para> + Default: not set + </para> + </listitem> + </varlistentry> + <varlistentry condition="with_ssh"> <term>ldap_user_ssh_public_key (string)</term> <listitem> |
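Review bot: The tuple order is documented inconsistently. In the second para of the new ldap_user_extra_attrs entry the tuple is described as "SSSD cache attribute name and LDAP attribute name", which matches the "ldap_user_extra_attrs = phone:telephoneNumber" example, but the commit message describes it as "LDAP attribute and SSSD cache attribute name". Please align the two so that an administrator reading either one does not write the mapping backwards. The reserved-names paragraph names only the "name" attribute; since using a reserved name is reported as an error, list the reserved names here or point to where they are defined. The option is introduced as a comma-separated list, yet both examples show a single entry; an example with two entries, one plain and one in the colon form, would make the syntax unambiguous. Minor wording: "would fetch" and "would report" read better as "fetches" and "reports" in a man page, and "In case only LDAP attribute name is specified" is missing an article.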