On Wed, 05 Aug 2015, Alexander Bokovoy wrote:
On Mon, 03 Aug 2015, Justean wrote:
Good morning, I was wondering if there is a way to change the way
freeipa builds a user's email address by default. Currently it takes
the username and appends the domain name but I would like it to take
the form firstname.lastn...@domainname.com
It is not possible to redefine email's format via configuration so you
need to write some code. Luckily, you can amend existing code without
touching it.

Below is an example:
-----------------------------------------------------------------------
/usr/lib/python2.7/site-packages/ipalib/plugins/user-ext-mail-format.py
-----------------------------------------------------------------------
from ipalib.plugins.user import user_add

def override_default_mail_cb(self, ldap, dn, entry_attrs, attrs_list, *keys, 
**options):
  if not 'mail' in entry_attrs:
       name = {'givenname': entry_attrs.get('givenname').lower(),
               'sn': entry_attrs.get('sn').lower()}
       mail = "{givenname}.{sn}".format(**name)
       entry_attrs['mail'] = self.obj.normalize_and_validate_email(mail)
  return dn

user_add.register_pre_callback(override_default_mail_cb, first=True)
-----------------------------------------------------------------------

What this Python code does? It adds a callback to user-add method in IPA
that is run before other callbacks (first=True). The callback is then
checks if mail attribute was already specified by the administrator
when calling 'ipa user-add' (Web UI calls this for you). If not, it
derives mail format from lower-cased versions of first and last names of
the user (known as 'givenname' and 'sn' attributes in LDAP
correspondingly). It then sets mail attribute to a full email format via
self.obj.normalize_and_validate_email() function which will pick up the
default DNS domain value and construct correct email.

You need to maintain this plugin extension on all IPA masters used for
creating users. Best way to do that is by packaging the plugin in an RPM
and installing it on IPA masters.

You also need to restart httpd service on IPA master to apply the
plugin.

It is used like this:

# systemctl restart httpd
# ipa user-add some.user --first Some --last User ----------------------
Added user "some.user"
----------------------
User login: some.user
First name: Some
Last name: User
Full name: Some User
Display name: Some User
Initials: SU
Home directory: /home/some.user
GECOS: Some User
Login shell: /bin/sh
Kerberos principal: some.u...@example.com
Email address: some.u...@example.com
UID: 1634400022
GID: 1634400022
Password: False
Member of groups: ipausers
Kerberos keys available: False
Actually, I realized because I gave the same user login as
'FirstName.LastName', it might be less apparent that the code works.
Let's try with another user:

# ipa user-add foo.bar --first Some --last User --------------------
Added user "foo.bar"
--------------------
 User login: foo.bar
 First name: Some
 Last name: User
 Full name: Some User
 Display name: Some User
 Initials: SU
 Home directory: /home/foo.bar
 GECOS: Some User
 Login shell: /bin/sh
 Kerberos principal: foo....@example.com
 Email address: some.u...@example.com
 UID: 1634400023
 GID: 1634400023
 Password: False
 Member of groups: ipausers
 Kerberos keys available: False


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to