[SSSD-users] Re: Is it possible to do substring replacement in ldap home directory in sssd

[Tomas Halman]

Hi,

I think this is not possible in the current state of sssd. Having %g would
be problematic because the user can be a member of multiple groups and then
SSSD can't decide
how to expand the override. If you have a primary/private group in mind,
then honestly I do not see much value in such an extra directory in the
homedir path (maybe I missed something?).

If I have to solve this situation as an admin, I would probably try some
workaround with symlinks (cd /remote; ln -s ../local/home) on those special
nodes.

HTH
Tomáš



On Fri, Nov 5, 2021 at 9:01 AM T intervenor 
wrote:

> I know sssd has override_homedir option to modify home path getting from
> ldap, but its substitution pattern is too simple.
>
> Condider the case:
> The user is bob and its group is class1, its home directory from ldap is
> "/remote/home/class1/bob". Now we want to change the home directory on some
> specific node to "/local/home/class1/bob".
>
> However, sssd's override_homedir only provide %u to represent user name
> bob, no pattern for group class1. Thus we cannot directly set
> override_homedir to something like "/local/home/%g/%u".
>
> Another modification method is to replace substring remote to local, as if
> in bash script we can write ${home/remote/local}. override_homedir provide
> %o to represent origin ldap home path, but is it support sub string
> replacement?
> ___
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>


-- 
Tomáš Halman
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD-users] Is it possible to do substring replacement in ldap home directory in sssd

[T intervenor]

I know sssd has override_homedir option to modify home path getting from ldap, 
but its substitution pattern is too simple.

Condider the case: 
The user is bob and its group is class1, its home directory from ldap is 
"/remote/home/class1/bob". Now we want to change the home directory on some 
specific node to "/local/home/class1/bob".

However, sssd's override_homedir only provide %u to represent user name bob, no 
pattern for group class1. Thus we cannot directly set override_homedir to 
something like "/local/home/%g/%u".

Another modification method is to replace substring remote to local, as if in 
bash script we can write ${home/remote/local}. override_homedir provide %o to 
represent origin ldap home path, but is it support sub string replacement?
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure