On Sat, 27 Jun 2015, Dmitri Pal wrote:
On 06/26/2015 11:26 PM, Alexander Bokovoy wrote:
----- Original Message -----
On 06/23/2015 03:02 PM, Alexander Bokovoy wrote:
On Tue, 23 Jun 2015, Dmitri Pal wrote:
On 06/17/2015 09:56 AM, Alexander Bokovoy wrote:
On Wed, 17 Jun 2015, Henry Hofmann wrote:
Ok, how can I configure the map of source attributes (mail or any
other) to compat tree?
Go back in archives in this list and read discussions about "Single
mail
deployment in an FreeIPA-WindowsAD scenario". TLDR; not possible in the
compat tree as of right now.
Do we have a ticket for this?
No and I don't think it will be possible. slapi-nis is read-only view,
it needs to get these attributes from somewhere. Storing values for
specialized schema in ID overrides is probably going to be too much --
how these source attributes to be managed? In the case of 'single mail'
it would need to be Kolab applications which would need to update such
attributes, how Kolab would do that?
Enabling slapi-nis to be writeable is going to break a lot and in
general would not be possible.
I am missing something. Where the Kolab and writability are coming from?
The thread was about allowing email as an extra attribute in the compat
tree.
There is nothing about writiability.
See https://docs.kolab.org/architecture-and-design/ldap.html, kolabd handles
all modifications to LDAP triggered by other interfaces, including but not
limited to the web UI.
A whole list of attributes that may appear in LDAP for Kolab entries is here:
https://git.kolab.org/diffusion/KS/browse/master/kolab3.schema
Sure but was the request in this thread driven by Kolab? I have not
seen that in any of the emails.
Why we assume that it is because of Kolab?
Because we talked about the other thread and that one was about Kolab
and Kolab expects to be able to write to kolabInetOrgPerson class.
This thread is about email as an extra attribute in the compat tree and
we cannot currently add anything like that because we don't have any
source to take it from via already configured code paths.
SSSD could generate email attribute off ID override but NSS interface
doesn't provide any possibility to query it. Using InfoPipe to query
such information requires additional configuration and code for both
slapi-nis and SSSD -- SSSD has to export these attributes (not done by
default on IPA master), slapi-nis needs to be configured to pull them in
for AD users, but this functionality is completely missing. Technically,
I could add such feature but it would require also another round of
thread-aware locking around another channel of communication with SSSD,
quite fragile one, unfortunately.
So it is not possible now.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
