I think 
ipa permission-mod "System: Read Groups" --includedattrs=mail 
--includedattrs=displayname 
solved my issue. 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuh...@chemaxon.com> 
To: "Alexander Bokovoy" <aboko...@redhat.com> 
Cc: freeipa-users@redhat.com 
Sent: Thursday, January 19, 2017 3:31:58 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

Most probably i don't. At least i have never created one, neither did this 
http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
refer anything like that. 

How do i do it? 

Sándor Juhász 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Alexander Bokovoy" <aboko...@redhat.com> 
To: "Sandor Juhasz" <sjuh...@chemaxon.com> 
Cc: freeipa-users@redhat.com 
Sent: Thursday, January 19, 2017 3:22:34 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display 
attribute 

On to, 19 tammi 2017, Sandor Juhasz wrote: 
>One more issue. Service user cannot see the new attribute. It does see the 
>objectclass. 
> 
>ldif: 
>dn: cn=schema 
>changetype: modify 
>add: objectclasses 
>objectclasses: ( 1.3.6.1.4.1.49232.1.1 
>NAME 'groupMail' 
>SUP top 
>STRUCTURAL 
>MAY ( mail $ displayname ) 
>X-ORIGIN 'Extending FreeIPA' ) 
> 
>Service user: 
>uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 
> 
>Regular user: 
>uid=admin,cn=users,cn=accounts,dc=test,dc=tld 
admin is not a regular user. 

>They both see objectclass=groupmail, but uid=googlesync does not birng back 
>mail and displyaname, while using ldapsearch. 
Do you have an ACI that allows to actually see the attribute? 

-- 
/ Alexander Bokovoy 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to