On 05/06/12 14:21, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> On 05/06/12 14:09, Rob Crittenden wrote:
>>> Dale Macartney wrote:
>>>>
>>>> Hi all
>>>>
>>>> I may be overlooking something here, but from what I can gather, the
>>>> value in the ipa config of "Default e-mail domain for new users" should
>>>> automatically create the mail attribute for said user upon creation?
>>>>
>>>> Do I need to do an additional step or something to activate the mail
>>>> attribute or is it missing?
>>>>
>>>> Any pointers on what I'm missing to mail-enable a user in ldap?
>>>>
>>>>
>>>> Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6
>>>>
>>>> Output from ipa server as follows
>>>>
>>>> [root@ds01 ~]# ipa config-show
>>>> Max. username length: 32
>>>> Home directory base: /home
>>>> Default shell: /bin/bash
>>>> Default users group: ipausers
>>>> Default e-mail domain for new users: example.com
>>>> Search time limit: 2
>>>> Search size limit: 100
>>>> User search fields: uid,givenname,sn,telephonenumber,ou,title
>>>> Group search fields: cn,description
>>>> Enable migration mode: FALSE
>>>> Certificate Subject base: O=EXAMPLE.COM
>>>> Password Expiration Notification (days): 4
>>>> [root@ds01 ~]#
>>>>
>>>>
>>>>
>>>> [root@ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b
>>>> "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base<uid=testuser,cn=users,cn=accounts,dc=example,dc=com> with scope
>>>> subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # testuser, users, accounts, example.com
>>>> dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
>>>> displayName: testuser 1
>>>> cn: testuser 1
>>>> objectClass: top
>>>> objectClass: person
>>>> objectClass: organizationalperson
>>>> objectClass: inetorgperson
>>>> objectClass: inetuser
>>>> objectClass: posixaccount
>>>> objectClass: krbprincipalaux
>>>> objectClass: krbticketpolicyaux
>>>> objectClass: ipaobject
>>>> objectClass: mepOriginEntry
>>>> loginShell: /bin/bash
>>>> sn: 1
>>>> gecos: testuser 1
>>>> homeDirectory: /home/testuser
>>>> krbPwdPolicyReference:
>>>> cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
>>>> dc=com
>>>> krbPrincipalName: [email protected]
>>>> givenName: testuser
>>>> uid: testuser
>>>> initials: t1
>>>> uidNumber: 1668600004
>>>> gidNumber: 1668600004
>>>> ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
>>>> mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
>>>> krbPasswordExpiration: 20120831215158Z
>>>> krbLastPwdChange: 20120602215158Z
>>>> krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
>>>> krbExtraData:: AAgBAA==
>>>> krbLastSuccessfulAuth: 20120602215703Z
>>>> krbLoginFailedCount: 0
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 2
>>>> # numEntries: 1
>>>> [root@ds01 ~]#
>>>
>>> It looks like it isn't creating the mail attribute by default. I opened
>>> ticket https://fedorahosted.org/freeipa/ticket/2810
>>>
>>> rob
>>
>> Thanks for pointing out it wasn't me doing something silly ;-)
>>
>> On thinking deeper onto the issue, perhaps it is beneficial not to have
>> it done by default? e.g. if I have a mail server accepting mail for ldap
>> lookups for mail entries, this would mean EVERYONE has a mailbox whereas
>> that might not be beneficial in many situations..
>>
>> In the AD side of things, a user has to be mail enabled, in order to
>> become valid for mail purposes.
>>
>> In this situation, I can manually add the mail address with "ipa
>> user-mod [email protected]" which does what I was needing.
>>
>> There's a few reasons for and against having default email access for new
>> users...
>>
>> I'm just bouncing some ideas out loud at the moment. Thoughts?
>>
>
> Our intention was to automatically populate the field if the default e-mail domain was set. If it wasn't then we'd do nothing.
>
> rob

That does make sense.. As long as the customer has a method of controlling yay or nay, that's the main thing.

Thanks for clarifying.

Dale
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
