From 2b853fe327a446522a2f2139350f460a5b07fce3 Mon Sep 17 00:00:00 2001
From: Dominik George <dominik.george@teckids.org>
Date: Tue, 11 May 2021 13:56:30 +0200
Subject: [PATCH] [NSS] Document and improve example config

---
 etc/nss_pam_oidc.example.toml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/etc/nss_pam_oidc.example.toml b/etc/nss_pam_oidc.example.toml
index ac4e203..663c74f 100644
--- a/etc/nss_pam_oidc.example.toml
+++ b/etc/nss_pam_oidc.example.toml
@@ -12,14 +12,21 @@ client_secret = ""
 
 urls.passwd = "https://ticdesk-dev.teckids.org/app/nis/api/passwd/"
 
+# The following configuration maps the attributes as returned by AlekSIS, as
+# example onto a system that also has local accounts (thus mapping IDs and
+# home directories).
 maps.passwd = """
     {
         name: .username,
+        # No passwords in passwd
         passwd: "x",
-        uid: .uid,
-        gid: .primary_gid,
-        gecos: "Foo",
-        dir: .home_directory,
+        # Map user and group IDs starting at 10000
+        uid: (.uid + 10000),
+        gid: (.primary_gid + 10000),
+        # Append organisation name to Gecos field
+        gecos: (.full_name + " (Teckids)"),
+        # Remap /home from server to /srv/teckids locally
+        dir: ("/srv/teckids/" + (.home_directory|ltrimstr("/home/"))),
         shell: .login_shell
     }
 """
-- 
GitLab