Open WERTBON1789 opened 3 weeks ago
We probably won't be implementing this anytime soon, as the performance would be appalling
Why would the performance be appalling? The LDAP outpost is already doing this mapping; it's just currently using a hardcoded mapping instead of a user-controlled mapping.
Is your feature request related to a problem? Please describe. I think it would be a really useful feature to have "scriptable" LDAP properties, much like the scope mappings in OAuth2/OIDC land, so someone doesn't have to hard-code values in the user's attributes, but can generate them on the fly without needing to update them. I think that would also help to bridge the gaps of support like Samba authentication for example.
Describe the solution you'd like The Scope Mappings from OIDC basically 1:1 for LDAP.
Describe alternatives you've considered I think there are some hacks you can do with sssd, but sometimes there just isn't the option to actually change the behavior of the client that much.