On to, 19 tammi 2017, Sandor Juhasz wrote:
One more issue. Service user cannot see the new attribute. It does see the 
objectclass.

ldif:
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.49232.1.1
NAME 'groupMail'
SUP top
STRUCTURAL
MAY ( mail $ displayname )
X-ORIGIN 'Extending FreeIPA' )

Service user:
uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld

Regular user:
uid=admin,cn=users,cn=accounts,dc=test,dc=tld
admin is not a regular user.

They both see objectclass=groupmail, but uid=googlesync does not birng back
mail and displyaname, while using ldapsearch.
Do you have an ACI that allows to actually see the attribute?

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to