#3859 doc ldap_user_extra_attrs use of colons
Opened 5 months ago by josephholsten. Modified 5 months ago

[man/sssd.conf.5.xml](https://github.com/SSSD/sssd/blob/master/src/man/sssd.conf.5.xml#L3233) documents ldap_user_extra_attrs to accept a value of phone:telephoneNumber.

Does that mean that it will look up the telephoneNumber attribute value, and expose it with a key of phone?

Would there be any meaningful difference between ldap_user_extra_attrs = telephoneNumber and ldap_user_extra_attrs = telephoneNumber:telephoneNumber?

Can we update the doc to explain that?

Thank you for the ticket.

I think the sssd-ldap manual page has a better explanation where it says:


           ldap_user_extra_attrs = telephoneNumber

           Save the “telephoneNumber” attribute from LDAP as “telephoneNumber” to the cache.

           ldap_user_extra_attrs = phone:telephoneNumber

           Save the “telephoneNumber” attribute from LDAP as “phone” to the cache.

If you think it would make the documentation clearer, I can also amend the sssd.conf docs to say something like the sssd-ldap manual page says.

That would be great! It's also not entirely clear to me if I have to put something in ldap_user_extra_attrs to use it from e.g. ldap_user_ssh_public_key.

OK, let me send a PR. But I don't understand your use case with the public key, can you explain it better to me, please?

I'm trying to have sss_ssh_authorizedkeys query against a user's sshPubKeys attribute (as from openssh-ldap-publickey) instead of ipaSshPubKey.

Then just setting ldap_user_ssh_public_key = sshPubKeys should do what you want.

Btw, the user ssh public key is already fetched by default. You don't have to add it to the extra attributes list. The extra attributes list is mostly useful if you use the D-Bus API and want to access some attributes that sssd doesn't fetch by default already.
