Hi, I would like to retrieve additional attribute from user object in AD , 'homeDirectory', which contains string pointing to windows share path on a samba server . The option 'user_attribute' allows that setup in [nss] section together with ' ifp' service. [sssd] services = ..,nss,ifp [nss] user_attribute = +homeDirectory
I can't figure out how this extra attribute is mapped by SSSD; I would like map it to environment variable per user at login, or in any other usable way. Any hints? Thanks in advance.
Best, longina
On Tue, Jan 19, 2016 at 11:28:05AM +0000, Longina Przybyszewska wrote:
Hi, I would like to retrieve additional attribute from user object in AD , 'homeDirectory', which contains string pointing to windows share path on a samba server . The option 'user_attribute' allows that setup in [nss] section together with ' ifp' service. [sssd] services = ..,nss,ifp [nss] user_attribute = +homeDirectory
I can't figure out how this extra attribute is mapped by SSSD; I would like map it to environment variable per user at login, or in any other usable way. Any hints? Thanks in advance.
Would it help in your setup to fetch the extra attribute via dbus-send?
-----Oprindelig meddelelse----- Fra: Jakub Hrozek [mailto:jhrozek@redhat.com] Sendt: 19. januar 2016 21:56 Til: sssd-users@lists.fedorahosted.org Emne: [SSSD-users] Re: User_attribute option
On Tue, Jan 19, 2016 at 11:28:05AM +0000, Longina Przybyszewska wrote:
Hi, I would like to retrieve additional attribute from user object in AD , 'homeDirectory', which contains string pointing to windows share path on
a samba server .
The option 'user_attribute' allows that setup in [nss] section together with '
ifp' service.
[sssd] services = ..,nss,ifp [nss] user_attribute = +homeDirectory
I can't figure out how this extra attribute is mapped by SSSD; I would like map it to environment variable per user at login, or in any other usable
way.
Any hints? Thanks in advance.
Would it help in your setup to fetch the extra attribute via dbus-send?
I rush to read SSSD's DesignDoc (IPC,DBusUsersAndGroups) but still have no clear idea how to implement it; The object containing extra attributes is in/org/freedesktop/sssd/infopipe/Users/$DOMAIN/$UID, right? Maybe PAM module is the most obvious for retrieving additional attribute on login.
Best, Longina
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd- users@lists.fedorahosted.org
Something like: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByName string:myuser would return the object path. Then you can use the Get method to retrieve an attribute dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe $object_path org.freedesktop.DBus.Properties.Get string:org.freedesktop.sssd.infopipe.Users.User string:name would return the attribute.
You need to add the extra attributes to the ifp section, because by default only the POSIX set is permitted.
On 20 Jan 2016, at 11:07, Longina Przybyszewska longina@sdu.dk wrote:
-----Oprindelig meddelelse----- Fra: Jakub Hrozek [mailto:jhrozek@redhat.com] Sendt: 19. januar 2016 21:56 Til: sssd-users@lists.fedorahosted.org Emne: [SSSD-users] Re: User_attribute option
On Tue, Jan 19, 2016 at 11:28:05AM +0000, Longina Przybyszewska wrote:
Hi, I would like to retrieve additional attribute from user object in AD , 'homeDirectory', which contains string pointing to windows share path on
a samba server .
The option 'user_attribute' allows that setup in [nss] section together with '
ifp' service.
[sssd] services = ..,nss,ifp [nss] user_attribute = +homeDirectory
I can't figure out how this extra attribute is mapped by SSSD; I would like map it to environment variable per user at login, or in any other usable
way.
Any hints? Thanks in advance.
Would it help in your setup to fetch the extra attribute via dbus-send?
I rush to read SSSD's DesignDoc (IPC,DBusUsersAndGroups) but still have no clear idea how to implement it; The object containing extra attributes is in/org/freedesktop/sssd/infopipe/Users/$DOMAIN/$UID, right? Maybe PAM module is the most obvious for retrieving additional attribute on login.
Best, Longina
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd- users@lists.fedorahosted.org
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
sssd-users@lists.fedorahosted.org