Learn more about these different git repos.
(man/sssd.conf.5.xml)[https://github.com/SSSD/sssd/blob/master/src/man/sssd.conf.5.xml#L3233] documents ldap_user_extra_attrs to accept a value of phone:telephoneNumber.
ldap_user_extra_attrs
phone:telephoneNumber
Does that mean that it will look up the telephoneNumber attribute value, and expose it with a key of phone?
telephoneNumber
phone
Would there be any meaningful difference between ldap_user_extra_attrs = telephoneNumber and ldap_user_extra_attrs = telephoneNumber:telephoneNumber?
ldap_user_extra_attrs = telephoneNumber
ldap_user_extra_attrs = telephoneNumber:telephoneNumber
Can we update the doc to explain that?
Thank you for the ticket.
I think the sssd-ldap manual page has a better explanation where it says:
Examples: ldap_user_extra_attrs = telephoneNumber Save the “telephoneNumber” attribute from LDAP as “telephoneNumber” to the cache. ldap_user_extra_attrs = phone:telephoneNumber Save the “telephoneNumber” attribute from LDAP as “phone” to the cache.
If you think it would make the documentation clearer, I can amend also the sssd.conf docs to say something like the sssd-ldap manual page says.
That would be great! It's also not entirely clear to me if I have to put something in ldap_user_extra_attrs to use it from eg ldap_user_ssh_public_key.
ldap_user_ssh_public_key
OK, let me send a PR. But I don't understand your use case with the public key, can you explain in better to me, please?
I'm trying to have sss_ssh_authorizedkeys query against a user's sshPubKeys attribute (as from openssh-ldap-publickey) instead of ipaSshPubKey.
sss_ssh_authorizedkeys
sshPubKeys
ipaSshPubKey
Then just setting ldap_user_ssh_public_key = sshPubKeys should do what you want.
btw the user ssh public key is already fetched by default. You don't have to add it to the extra attributes list. The extra attribtues list is mostly useful if you use the D-Bus API and want to access some attributes that sssd doesn't fetch by default already.
Login to comment on this ticket.