This may be related to the issue discussed here:
https://lists.fedorahosted.org/archives/list/freeipa-
us...@lists.fedorahosted.org/message/SC7GYMHMJ2DNT6BDDSWG5F4HL252EJOD/

But it seems not to be, layer 8 is still open though.

Using the instructions here
https://www.dalemacartney.com/2013/03/14/deploying-postfix-with-ldap-freeipa-virtual-aliases-and-kerberos-authentication/
to enable postfix virtual users from freeIPA I seem to have hit a sticking
point in that postfix is unable to fetch the mail attribute.

this is the query filter I modified as per the referenced email in the
archive.

query_filter = (&(objectclass=posixaccount)(mail=%s))

When run from postmap it gets nothing. If I change it for testing to search
by uid or another attribute it works as expected. a simple filter like
(uid=%s) works everytime.

This ldapsearch run using the postfix servers keytab as credentials works
as well:

ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=org
'(&(objectclass=posixaccount)(|(mail=validu...@example.org)))'

The FreeIPA version is 4.4.4 running on Fedora 26

Is there something I may be overlooking here? I dove off into IPA v4
permissions and everything *seems* ok, but it is my chief suspect right now.

Thanks!
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to