#703 LDAP should look at cn when gecos is missing

Created 7 years ago by ossman
Modified a year ago

nss_ldap gives you cn when gecos is missing from a user. This is a very nice feature as cn supports unicode whilst gecos is limited to ASCII. gecos is therefore to a large extent a legacy attribute. sssd should mimic nss_ldap's behaviour.

(this might be an rfc2307 vs rfc2307bis issue, but the sssd code doesn't seem to have any schema differences in this regard)

Fields changed

component: SSSD => LDAP Provider
tests: 0 => 1

We should add a new option {{{ldap_user_name_alt}}} that defaults to "cn".

milestone: NEEDS_TRIAGE => SSSD 1.6.0
owner: somebody => sgallagh

From the RFC 2307 standard:

   An account's GECOS field is preferably determined by a value of the
   gecos attribute. If no gecos attribute exists, the value of the cn
   attribute MUST be used. (The existence of the gecos attribute allows
   information embedded in the GECOS field, such as a user's telephone
   number, to be returned to the client without overloading the cn
   attribute. It also accommodates directories where the common name
   does not contain the user's full name.)

Our default configuration is out of compliance with RFC2307 in this situation. We need to re-evaluate the priority of this bug.

coverity: =>
milestone: SSSD 1.6.0 => NEEDS_TRIAGE
priority: major => critical
upgrade: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.6.0

Fields changed

status: new => assigned

Fields changed

milestone: SSSD 1.6.0 => SSSD 1.5.5

Fields changed

summary: [enh] LDAP should look at cn when gecos is missing => LDAP should look at cn when gecos is missing
type: enhancement => defect

Fixed in ec6c3a4

resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

a year ago

Metadata Update from @ossman:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.5.5


defect

LDAP Provider

1.4.1
