Red Hat Bugzilla – Bug 811663
Per domain formats for qualified user names
Last modified: 2012-09-06 06:58:37 EDT
In order to support the AD Domain\User style and the more usual kerberos user@realm style, sssd needs per domain re_expression and full_name_format options.
This is especially important for Samba integration. Samba only allows Domain\User format, with the exception that the slash can be replaced with another character.
Will attach a patch.
Created attachment 576821 [details]
Rough patch implementing per domain qualified user names
In order to prevent conflicts between the regular expressions
for different domains, we parse with a domains regular
expression and then check that the resulting domain matches
that domain's name.
It's not clear that we should support null-domains in these
regular expressions and sss_parse_name_for_domains(). There's
a TODO in the patch to sort this out. It may be that we choose
to have callers of sss_parse_name_for_domains() which can accept
unqualified user domains use the full input string when
parsing into a qualified name fails.
In other words, sss_parse_name_for_domains() would not support
returning a NULL *domain.
This patch touches several code paths, I haven't tested all of
them. Debugging sssd seems like a bit of a black art because
of the multiple processes :)
Make re_expression and full_name_format per domain options
* Allows different user/domain qualified names for different
domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain
as defaults for the domains.
This is an RFE that is part of the 1.9 upstream which is present in F18 and rawhide.