Martin Kosek wrote:
On Mon, 2012-01-23 at 15:46 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
Admin e-mail validator currently requires an email to be in
a second-level domain ( This is too
restrictive. Top level domain e-mails (hostmaster@testrelm)
should also be allowed.

This patch also fixes default zonemgr value in help texts and man

This fixes the problem of single component domain installation but it
does seem to really weaken the checking.

For example, if you install with your domain as you can set
the zonemgr e-mail to hostmaster@example.

I don't want to make this too complex, just wanted another opinion.


Good point. But if we want to allow top-level domain e-mails we'd need
to allow e-mails like hostmaster@example. How would this situation be
different from hostmaster@testrelm ? (This was the reported failing
e-mail). Both e-mails are syntactically OK.


The complex part I had in mind was comparing the domain in the e-mail addr with the configured domain.

We need to be able to support when IPA is itself a subdomain but the hostmaster is in the primary:,

It might also point somewhere else entirely,

Maybe we ensure that the e-mail address domain is equal to or a part of the configured domain OR the domain is already resolvable?

So move right to left matching as it goes. Of course this would allow hostmaster@com but we may just have to live with it.


Freeipa-devel mailing list

Reply via email to