Dale Macartney wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 05/06/12 14:09, Rob Crittenden wrote:
Dale Macartney wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

I may be overlooking something here, but from what I can gather, the
value in the ipa config of "Default e-mail domain for new users" should
automatically create the mail attribute for said user upon creation?

Do I need to do an additional step or something to activate the mail
attribute or is it missing?

Any pointers on what I'm missing to mail-enable a user in ldap?


Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6

Output from ipa server as follows

[root@ds01 ~]# ipa config-show
Max. username length: 32
Home directory base: /home
Default shell: /bin/bash
Default users group: ipausers
Default e-mail domain for new users: example.com
Search time limit: 2
Search size limit: 100
User search fields: uid,givenname,sn,telephonenumber,ou,title
Group search fields: cn,description
Enable migration mode: FALSE
Certificate Subject base: O=EXAMPLE.COM
Password Expiration Notification (days): 4
[root@ds01 ~]#



[root@ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b
"uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base<uid=testuser,cn=users,cn=accounts,dc=example,dc=com>  with scope
subtree
# filter: (objectclass=*)
# requesting: ALL
#

# testuser, users, accounts, example.com
dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
displayName: testuser 1
cn: testuser 1
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: mepOriginEntry
loginShell: /bin/bash
sn: 1
gecos: testuser 1
homeDirectory: /home/testuser
krbPwdPolicyReference:
cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
dc=com
krbPrincipalName: testu...@example.com
givenName: testuser
uid: testuser
initials: t1
uidNumber: 1668600004
gidNumber: 1668600004
ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
krbPasswordExpiration: 20120831215158Z
krbLastPwdChange: 20120602215158Z
krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
krbExtraData:: AAgBAA==
krbLastSuccessfulAuth: 20120602215703Z
krbLoginFailedCount: 0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@ds01 ~]#

It looks like it isn't creating the mail attribute by default. I opened
ticket https://fedorahosted.org/freeipa/ticket/2810

rob

Thanks for pointing out it wasn't me doing something silly ;-)

On thinking deeper onto the issue, perhaps it is beneficial not to have
it done by default? e.g if I have a mail server accepting mail for ldap
lookups for mail entries, this would mean EVERYONE has a mailbox whereas
that might not be beneficial in many situations..

In the AD side of things, a user has to be mail enabled, in order to
become valid for mail purposes.

In this situation, I can manually add the mail address with "ipa
user-mod --email=testu...@example.com" which does what I was needing.

Theres a few reasons for and against having default email access for new
users...

I'm just bouncing some ideas out loud at the moment. Thoughts?


Our intention was to automatically populate the field if the default e-mail domain was set. If it wasn't then we'd do nothing.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to