From 37c11c5f21ae4f2ad5eceb3dd66cbb74fe178539 Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Thu, 7 Sep 2023 10:02:05 +0200
Subject: [PATCH] Add ldap_user_extra_attrs option in sssd.conf for IPA domain

The option `ldap_user_extra_attrs = mail:mail, sn:sn,
givenname:givenname` in IPA domain is needed for correct functioning.

Resolves: #40
Signed-off-by: Antonio Torres <antorres@redhat.com>
---
 src/ipa-tuura/domains/utils.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/ipa-tuura/domains/utils.py b/src/ipa-tuura/domains/utils.py
index 64127a49..c372da63 100644
--- a/src/ipa-tuura/domains/utils.py
+++ b/src/ipa-tuura/domains/utils.py
@@ -199,6 +199,32 @@ def deploy_ipa_service(domain):
     keytab_file = os.path.join("/var/lib/ipa/ipatuura/", "service.keytab")
     ipa_api_connect(domain)
 
+    # add extra attribute mappings to domain
+    try:
+        sssdconfig = SSSDConfig.SSSDConfig()
+        sssdconfig.import_config()
+    except Exception as e:
+        logger.info("Unable to read SSSD config")
+        raise e
+
+    domainconfig = sssdconfig.get_domain(domain["name"])
+    try:
+        user_attrs = domainconfig.get_option("ldap_user_extra_attrs")
+    except SSSDConfig.NoOptionError:
+        user_attrs = set()
+    else:
+        user_attrs = {s.strip().lower() for s in user_attrs.split(",") if s.strip()}
+    extra_attrs = {
+        "mail:mail",
+        "sn:sn",
+        "givenname:givenname",
+    }
+    domainconfig.set_option(
+        "ldap_user_extra_attrs", ", ".join(user_attrs.union(extra_attrs))
+    )
+    sssdconfig.save_domain(domainconfig)
+    sssdconfig.write()
+
     # container image should contain the user and group
     # groupadd scim
     args = ["groupadd", "scim"]