Bug 811663

Summary: Per domain formats for qualified user names
Product: [Fedora] Fedora Reporter: Stef Walter <stefw>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: jhrozek, sbose, sgallagh, ssorce, stefw
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-06 10:58:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Rough patch implementing per domain qualified user names none

Description Stef Walter 2012-04-11 16:34:02 UTC 
In order to support the AD Domain\User style and the more usual kerberos user@realm style, sssd needs per domain re_expression and full_name_format options.

This is especially important for Samba integration. Samba only allows Domain\User format, with the exception that the slash can be replaced with another character.

Will attach a patch.
Comment 1 Dmitri Pal 2012-04-11 16:40:14 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1299
Comment 2 Stef Walter 2012-04-11 16:43:31 UTC 
Created attachment 576821 [details]
Rough patch implementing per domain qualified user names

In order to prevent conflicts between the regular expressions
for different domains, we parse with a domains regular
expression and then check that the resulting domain matches
that domain's name.

It's not clear that we should support null-domains in these
regular expressions and sss_parse_name_for_domains(). There's 
a TODO in the patch to sort this out. It may be that we choose 
to have callers of sss_parse_name_for_domains() which can accept
unqualified user domains use the full input string when
parsing into a qualified name fails.

In other words, sss_parse_name_for_domains() would not support
returning a NULL *domain.

This patch touches several code paths, I haven't tested all of
them. Debugging sssd seems like a bit of a black art because
of the multiple processes :)

Commit message:

Make re_expression and full_name_format per domain options

 * Allows different user/domain qualified names for different
   domains. For example Domain\User or user@domain.
 * The global re_expression and full_name_format options remain
   as defaults for the domains.
Comment 3 Jakub Hrozek 2012-09-06 10:58:37 UTC 
This is an RFE that is part of the 1.9 upstream which is present in F18 and rawhide.