Martin Kosek wrote:
On Mon, 2012-01-23 at 15:46 -0500, Rob Crittenden wrote:
Martin Kosek wrote:
Admin e-mail validator currently requires an email to be in
a second-level domain (hostmas...@example.com). This is too
restrictive. Top level domain e-mails (hostmaster@testrelm)
should also be allowed.

This patch also fixes default zonemgr value in help texts and man
pages.

https://fedorahosted.org/freeipa/ticket/2272

This fixes the problem of single component domain installation but it
does seem to really weaken the checking.

For example, if you install with your domain as example.com you can set
the zonemgr e-mail to hostmaster@example.

I don't want to make this too complex, just wanted another opinion.

rob

Good point. But if we want to allow top-level domain e-mails we'd need
to allow e-mails like hostmaster@example. How would this situation be
different from hostmaster@testrelm ? (This was the reported failing
e-mail). Both e-mails are syntactically OK.

Martin


The complex part I had in mind was comparing the domain in the e-mail addr with the configured domain.

We need to be able to support when IPA is itself a subdomain but the hostmaster is in the primary: domain=sub.example.com, hostmas...@example.com.

It might also point somewhere else entirely, hostmas...@hosted.com.

Maybe we ensure that the e-mail address domain is equal to or a part of the configured domain OR the domain is already resolvable?

So move right to left matching as it goes. Of course this would allow hostmaster@com but we may just have to live with it.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to