On Mon, 03 Aug 2015, Justean wrote:
Good morning, I was wondering if there is a way to change the way
freeipa builds a user's email address by default. Currently it takes
the username and appends the domain name but I would like it to take
the form firstname.lastn...@domainname.com
It is not possible to redefine email's format via configuration so you
need to write some code. Luckily, you can amend existing code without
touching it.

Below is an example:
from ipalib.plugins.user import user_add

def override_default_mail_cb(self, ldap, dn, entry_attrs, attrs_list, *keys, 
   if not 'mail' in entry_attrs:
        name = {'givenname': entry_attrs.get('givenname').lower(),
                'sn': entry_attrs.get('sn').lower()}
        mail = "{givenname}.{sn}".format(**name)
        entry_attrs['mail'] = self.obj.normalize_and_validate_email(mail)
   return dn

user_add.register_pre_callback(override_default_mail_cb, first=True)

What this Python code does? It adds a callback to user-add method in IPA
that is run before other callbacks (first=True). The callback is then
checks if mail attribute was already specified by the administrator
when calling 'ipa user-add' (Web UI calls this for you). If not, it
derives mail format from lower-cased versions of first and last names of
the user (known as 'givenname' and 'sn' attributes in LDAP
correspondingly). It then sets mail attribute to a full email format via
self.obj.normalize_and_validate_email() function which will pick up the
default DNS domain value and construct correct email.

You need to maintain this plugin extension on all IPA masters used for
creating users. Best way to do that is by packaging the plugin in an RPM
and installing it on IPA masters.

You also need to restart httpd service on IPA master to apply the

It is used like this:

# systemctl restart httpd
# ipa user-add some.user --first Some --last User ----------------------
Added user "some.user"
 User login: some.user
 First name: Some
 Last name: User
 Full name: Some User
 Display name: Some User
 Initials: SU
 Home directory: /home/some.user
 GECOS: Some User
 Login shell: /bin/sh
 Kerberos principal: some.u...@example.com
 Email address: some.u...@example.com
 UID: 1634400022
 GID: 1634400022
 Password: False
 Member of groups: ipausers
 Kerberos keys available: False

# ipa user-add another.user --first Another --last User --email a.user
Added user "another.user"
 User login: another.user
 First name: Another
 Last name: User
 Full name: Another User
 Display name: Another User
 Initials: AU
 Home directory: /home/another.user
 GECOS: Another User
 Login shell: /bin/sh
 Kerberos principal: another.u...@example.com
 Email address: a.u...@example.com
 UID: 1634400021
 GID: 1634400021
 Password: False
 Member of groups: ipausers
 Kerberos keys available: False

Command line options and LDAP attribute names are not always the same.
You can use 'ipa show-mappings user-add' to see how CLI options map to
LDAP attributes.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to