Hi,
(Apologies in advance for a long and detailed note. TL;DR I want to make a
breaking change but I think I am directly working with everyone using the
microservice.)
I would like to make a breaking change to the LDAP attribute store
microservice. Specifically I want to change the name and syntax for the
configuration option 'idp_identifier' (but not the functionality).
That configuration option is used to determine what value(s) is used for
the LDAP filter that is constructed to search for user records in LDAP.
Currently a simple configuration would be

idp_identifiers:
  - eppn
ldap_identifier_attribute: uid
That configuration would take the value asserted by the IdP for eppn (the
SATOSA internal name for that attribute as it is "seen" by the
microservice) and use it to construct the filter value, e.g.
'skoranda at uwm.edu', so that for example the LDAP filter would be

(uid=skoranda at uwm.edu)
More complicated configurations that include the ability to combine values
including NameID values asserted by the IdP are included in the example
configuration.
But there are two problems I have with the current configuration and its
syntax:
1) The value that is used to construct the LDAP filter may not be coming
directly from (asserted by) an IdP. It may have been constructed using
another microservice(s) that runs prior to the LDAP attribute store. So
instead of 'idp_identifier' I think I want to name the configuration option
'ordered_identifier_candidates'.
2) The syntax as seen in the current example is poor. After a helpful
dialogue with Ivan I prefer this syntax, which I think better illustrates
what is going on (this would be a fairly complicated example):
ordered_identifier_candidates:
  - attribute_names: [epuid]
  - attribute_names: [eppn, name_id]
    name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  - attribute_names: [eppn, edupersontargetedid]
  - attribute_names: [eppn]
  - attribute_names: [name_id]
    name_id_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    add_scope: issuer_entityid
  - attribute_names: [edupersontargetedid]
    add_scope: issuer_entityid
The simple configuration from above would become

ordered_identifier_candidates:
  - attribute_names: [eppn]

An intermediate example configuration would be

ordered_identifier_candidates:
  - attribute_names: [eppn]
  - attribute_names: [edupersontargetedid]
    add_scope: issuer_entityid
Normally I would of course prefer not to make a breaking change, but I
think I am working with everyone using the microservice and can directly
help them transition, and I think it is early enough in the evolution of the
microservice that some flux is expected/allowed.
Thoughts?
Thanks,
Scott K
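The candidate-resolution logic the proposed syntax describes, written out as an added example (this is not SATOSA's or the LDAP attribute store microservice's own code, and it is not part of the message above). Assumptions, since the note does not spell them out: candidates are tried in order and the first one whose every listed attribute is present wins; `name_id` is accepted only when its format matches `name_id_format`; multiple attribute values are joined with a separator (here ":"); `add_scope: issuer_entityid` appends "@" plus the issuer's entity ID. The filter value is escaped per RFC 4515 before it is placed in the filter, because the value originates with the IdP (or an upstream microservice) and must not be able to alter the filter structure. Sample attributes, NameIDs and entity IDs are constructed.

```python
from typing import Dict, List, Optional

# Constructed configuration in the proposed syntax (keys are the ones from
# the note; their interpretation is the assumption described in the lead-in).
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

CONFIG = {
    "ordered_identifier_candidates": [
        {"attribute_names": ["epuid"]},
        {"attribute_names": ["eppn", "name_id"], "name_id_format": PERSISTENT},
        {"attribute_names": ["eppn"]},
        {"attribute_names": ["name_id"], "name_id_format": PERSISTENT,
         "add_scope": "issuer_entityid"},
    ],
    "ldap_identifier_attribute": "uid",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    The characters '*', '(', ')', '\\' and NUL are replaced by their
    backslash-hex form so the value cannot change the filter's structure.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def resolve_identifier(
    candidates: List[dict],
    attributes: Dict[str, List[str]],
    name_id: Optional[str],
    name_id_format: Optional[str],
    issuer_entityid: str,
    separator: str = ":",
) -> Optional[str]:
    """Return the value from the first candidate that is fully satisfied.

    attributes: SATOSA-style internal attributes, each a list of values.
    name_id / name_id_format: the NameID asserted by the IdP, if any.
    """
    for candidate in candidates:
        parts: List[str] = []
        for name in candidate["attribute_names"]:
            if name == "name_id":
                wanted = candidate.get("name_id_format")
                # Assumption: a candidate that names a format only accepts
                # a NameID of exactly that format.
                if name_id is None or (wanted and wanted != name_id_format):
                    parts = []
                    break
                parts.append(name_id)
            else:
                values = attributes.get(name) or []
                if not values:
                    parts = []
                    break
                parts.append(values[0])
        if not parts:
            continue  # this candidate is missing something; try the next
        value = separator.join(parts)
        # Assumption: add_scope appends "@<issuer entity ID>".
        if candidate.get("add_scope") == "issuer_entityid":
            value = "%s@%s" % (value, issuer_entityid)
        return value
    return None


def build_filter(ldap_attribute: str, value: str) -> str:
    """Build the equality filter, escaping the untrusted value."""
    return "(%s=%s)" % (ldap_attribute, escape_filter_value(value))


def filter_for(attributes, name_id, name_id_format, issuer_entityid):
    """Resolve a candidate value and return the LDAP filter, or None."""
    value = resolve_identifier(
        CONFIG["ordered_identifier_candidates"], attributes,
        name_id, name_id_format, issuer_entityid,
    )
    if value is None:
        return None
    return build_filter(CONFIG["ldap_identifier_attribute"], value)


if __name__ == "__main__":
    # Constructed inputs: only eppn asserted, no NameID.
    print(filter_for({"eppn": ["jdoe@example.edu"]}, None, None,
                     "https://idp.example.edu/idp"))
    # Constructed inputs: only a persistent NameID containing a filter
    # metacharacter, which is escaped rather than interpreted.
    print(filter_for({}, "abc*def", PERSISTENT, "https://idp.example.edu/idp"))
```

Running the block prints "(uid=jdoe@example.edu)" for the first case and "(uid=abc\2adef@https://idp.example.edu/idp)" for the second; with a transient NameID and no attributes, no candidate matches and no filter is built, which is the safe outcome.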