In order to support the AD Domain\User style and the more usual kerberos user@realm style, sssd needs per domain re_expression and full_name_format options. This is especially important for Samba integration. Samba only allows Domain\User format, with the exception that the slash can be replaced with another character. Will attach a patch.
Upstream ticket: https://fedorahosted.org/sssd/ticket/1299
Created attachment 576821 [details] Rough patch implementing per domain qualified user names In order to prevent conflicts between the regular expressions for different domains, we parse with a domains regular expression and then check that the resulting domain matches that domain's name. It's not clear that we should support null-domains in these regular expressions and sss_parse_name_for_domains(). There's a TODO in the patch to sort this out. It may be that we choose to have callers of sss_parse_name_for_domains() which can accept unqualified user domains use the full input string when parsing into a qualified name fails. In other words, sss_parse_name_for_domains() would not support returning a NULL *domain. This patch touches several code paths, I haven't tested all of them. Debugging sssd seems like a bit of a black art because of the multiple processes :) Commit message: Make re_expression and full_name_format per domain options * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains.
This is an RFE that is part of the 1.9 upstream which is present in F18 and rawhide.