On 10.2.2016 09:18, Alexander Bokovoy wrote:
> On Wed, 10 Feb 2016, Jérôme Fenal wrote:
>> Hi all,
>>
>> Installing an IPA instance with domain/realm as a TLD, in my case
>> "internal", works fine.
>>
>> Until I try to add a user within the domain, using the web interface,
>> which fails with the following error:
>>
>> IPA Error 3009: ValidationError
>>
>> invalid 'email': invalid e-mail format: jf@internal
>>
>> The same error happens using "ipa user-add" when the
>> --email=m...@redhat.com is not specified.
>>
>> Can we overcome/circumvent this error in the UI?
>>
>> Or should we recommend against using TLD or one domain component domains?
> See
> https://www.redhat.com/archives/freeipa-users/2015-August/msg00078.html
> for inspiration.

Hold on!

Use of made-up domains in inherently broken and recommended against by
official documentation:

Please see

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/prerequisites.html#dns-reqs

and also

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_DNS_Traffic_with_DNSSEC.html#sec-Recommended_Naming_Practices


Long story short, do not use anything else than a domain you actually bought.

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to