Re: Imprecise description for nslcd.conf "map"
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Imprecise description for nslcd.conf "map"
- From: Philip Prindeville <philipp_subx [at] redfish-solutions.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Imprecise description for nslcd.conf "map"
- Date: Mon, 26 Feb 2024 12:59:16 -0700
> On Feb 24, 2024, at 6:54 AM, Arthur de Jong <arthur@arthurdejong.org> wrote:
>
> On Fri, 2024-02-23 at 10:42 -0700, Philip Prindeville wrote:
>> map passwd lhs rhs
>>
>> is the equivalent of:
>>
>> map passwd lhs "${rhs}"
>
> Correct. The only limitation is that for some mapped attributes this
> syntax is not allowed because the attribute names are used to build
> LDAP queries.
>
>> which is not implied by the man page. The manual suggests that
>> anything NOT quoted is treated as a literal string with no
>> expansions/replacements happening.
>
> Do you have a suggestion for a clarification? This may be a bit brief
> currently:
I would offer to clarify but I'm still trying to wrap my head around the
rules... I broke our SDN release this month by not always handling the
attribute/newattribute pair correctly.
What I came up with was this, and I'm still not sure it's correct:
if attribute == "uidNumber" || newattribute in ("gecos", "gidNumber",
"homeDirectory", "loginShell", "uidNumber", "userPassword")
put_quotes_around_new_attribute();
Is that right, or am I still missing something?
-Philip
>
> The NEWATTRIBUTE may be any attribute as it is available in
> the directory.
>
> Thanks,
>
> --
> -- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
>
