This may be related to the issue discussed here: https://lists.fedorahosted.org/archives/list/freeipa- us...@lists.fedorahosted.org/message/SC7GYMHMJ2DNT6BDDSWG5F4HL252EJOD/
But it seems not to be, layer 8 is still open though. Using the instructions here https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/ to enable postfix virtual users from freeIPA I seem to have hit a sticking point in that postfix is unable to fetch the mail attribute. this is the query filter I modified as per the referenced email in the archive. query_filter = (&(objectclass=posixaccount)(mail=%s)) When run from postmap it gets nothing. If I change it for testing to search by uid or another attribute it works as expected. a simple filter like (uid=%s) works everytime. This ldapsearch run using the postfix servers keytab as credentials works as well: ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=org '(&(objectclass=posixaccount)(|(mail=validu...@example.org)))' The FreeIPA version is 4.4.4 running on Fedora 26 Is there something I may be overlooking here? I dove off into IPA v4 permissions and everything *seems* ok, but it is my chief suspect right now. Thanks!
_______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org