Re: [Freeipa-users] mail entries not populated for users
On 05/06/12 14:21, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> On 05/06/12 14:09, Rob Crittenden wrote:
>>> Dale Macartney wrote:
>>>> Hi all
>>>>
>>>> I may be overlooking something here, but from what I can gather, the
>>>> value in the ipa config of "Default e-mail domain for new users" should
>>>> automatically create the mail attribute for said user upon creation?
>>>>
>>>> Do I need to do an additional step or something to activate the mail
>>>> attribute or is it missing?
>>>>
>>>> Any pointers on what I'm missing to mail-enable a user in ldap?
>>>>
>>>> Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6
>>>>
>>>> Output from ipa server as follows
>>>>
>>>> [root@ds01 ~]# ipa config-show
>>>> Max. username length: 32
>>>> Home directory base: /home
>>>> Default shell: /bin/bash
>>>> Default users group: ipausers
>>>> Default e-mail domain for new users: example.com
>>>> Search time limit: 2
>>>> Search size limit: 100
>>>> User search fields: uid,givenname,sn,telephonenumber,ou,title
>>>> Group search fields: cn,description
>>>> Enable migration mode: FALSE
>>>> Certificate Subject base: O=EXAMPLE.COM
>>>> Password Expiration Notification (days): 4
>>>> [root@ds01 ~]#
>>>>
>>>> [root@ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
>>>> # extended LDIF
>>>> #
>>>> # LDAPv3
>>>> # base with scope subtree
>>>> # filter: (objectclass=*)
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # testuser, users, accounts, example.com
>>>> dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
>>>> displayName: testuser 1
>>>> cn: testuser 1
>>>> objectClass: top
>>>> objectClass: person
>>>> objectClass: organizationalperson
>>>> objectClass: inetorgperson
>>>> objectClass: inetuser
>>>> objectClass: posixaccount
>>>> objectClass: krbprincipalaux
>>>> objectClass: krbticketpolicyaux
>>>> objectClass: ipaobject
>>>> objectClass: mepOriginEntry
>>>> loginShell: /bin/bash
>>>> sn: 1
>>>> gecos: testuser 1
>>>> homeDirectory: /home/testuser
>>>> krbPwdPolicyReference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
>>>>  dc=com
>>>> krbPrincipalName: testu...@example.com
>>>> givenName: testuser
>>>> uid: testuser
>>>> initials: t1
>>>> uidNumber: 166864
>>>> gidNumber: 166864
>>>> ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
>>>> mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
>>>> krbPasswordExpiration: 20120831215158Z
>>>> krbLastPwdChange: 20120602215158Z
>>>> krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
>>>> krbExtraData:: AAgBAA==
>>>> krbLastSuccessfulAuth: 20120602215703Z
>>>> krbLoginFailedCount: 0
>>>>
>>>> # search result
>>>> search: 2
>>>> result: 0 Success
>>>>
>>>> # numResponses: 2
>>>> # numEntries: 1
>>>> [root@ds01 ~]#
>>>
>>> It looks like it isn't creating the mail attribute by default. I opened
>>> ticket https://fedorahosted.org/freeipa/ticket/2810
>>>
>>> rob
>>
>> Thanks for pointing out it wasn't me doing something silly ;-)
>>
>> On thinking deeper onto the issue, perhaps it is beneficial not to have
>> it done by default? e.g. if I have a mail server accepting mail for ldap
>> lookups for mail entries, this would mean EVERYONE has a mailbox whereas
>> that might not be beneficial in many situations..
>>
>> In the AD side of things, a user has to be mail enabled, in order to
>> become valid for mail purposes.
>>
>> In this situation, I can manually add the mail address with "ipa
>> user-mod --email=testu...@example.com" which does what I was needing.
>>
>> There's a few reasons for and against having default email access for new
>> users...
>>
>> I'm just bouncing some ideas out loud at the moment. Thoughts?
>>
>
> Our intention was to automatically populate the field if the default e-mail domain was set. If it wasn't then we'd do nothing.
>
> rob

That does make sense.. As long as the customer has a method of controlling yay or nay, that's the main thing.

Thanks for clarifying.

Dale

Re: [Freeipa-users] mail entries not populated for users
Dale Macartney wrote:
> On 05/06/12 14:09, Rob Crittenden wrote:
>> Dale Macartney wrote:
>>> Hi all
>>>
>>> I may be overlooking something here, but from what I can gather, the
>>> value in the ipa config of "Default e-mail domain for new users" should
>>> automatically create the mail attribute for said user upon creation?
>>>
>>> Do I need to do an additional step or something to activate the mail
>>> attribute or is it missing?
>>>
>>> Any pointers on what I'm missing to mail-enable a user in ldap?
>>>
>>> Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6
>>>
>>> Output from ipa server as follows
>>>
>>> [root@ds01 ~]# ipa config-show
>>> Max. username length: 32
>>> Home directory base: /home
>>> Default shell: /bin/bash
>>> Default users group: ipausers
>>> Default e-mail domain for new users: example.com
>>> Search time limit: 2
>>> Search size limit: 100
>>> User search fields: uid,givenname,sn,telephonenumber,ou,title
>>> Group search fields: cn,description
>>> Enable migration mode: FALSE
>>> Certificate Subject base: O=EXAMPLE.COM
>>> Password Expiration Notification (days): 4
>>> [root@ds01 ~]#
>>>
>>> [root@ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # testuser, users, accounts, example.com
>>> dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
>>> displayName: testuser 1
>>> cn: testuser 1
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalperson
>>> objectClass: inetorgperson
>>> objectClass: inetuser
>>> objectClass: posixaccount
>>> objectClass: krbprincipalaux
>>> objectClass: krbticketpolicyaux
>>> objectClass: ipaobject
>>> objectClass: mepOriginEntry
>>> loginShell: /bin/bash
>>> sn: 1
>>> gecos: testuser 1
>>> homeDirectory: /home/testuser
>>> krbPwdPolicyReference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
>>>  dc=com
>>> krbPrincipalName: testu...@example.com
>>> givenName: testuser
>>> uid: testuser
>>> initials: t1
>>> uidNumber: 166864
>>> gidNumber: 166864
>>> ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
>>> mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
>>> krbPasswordExpiration: 20120831215158Z
>>> krbLastPwdChange: 20120602215158Z
>>> krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
>>> krbExtraData:: AAgBAA==
>>> krbLastSuccessfulAuth: 20120602215703Z
>>> krbLoginFailedCount: 0
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>> [root@ds01 ~]#
>>
>> It looks like it isn't creating the mail attribute by default. I opened
>> ticket https://fedorahosted.org/freeipa/ticket/2810
>>
>> rob
>
> Thanks for pointing out it wasn't me doing something silly ;-)
>
> On thinking deeper onto the issue, perhaps it is beneficial not to have
> it done by default? e.g. if I have a mail server accepting mail for ldap
> lookups for mail entries, this would mean EVERYONE has a mailbox whereas
> that might not be beneficial in many situations..
>
> In the AD side of things, a user has to be mail enabled, in order to
> become valid for mail purposes.
>
> In this situation, I can manually add the mail address with "ipa
> user-mod --email=testu...@example.com" which does what I was needing.
>
> There's a few reasons for and against having default email access for new
> users...
>
> I'm just bouncing some ideas out loud at the moment. Thoughts?

Our intention was to automatically populate the field if the default e-mail domain was set. If it wasn't then we'd do nothing.

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] mail entries not populated for users
On 05/06/12 14:09, Rob Crittenden wrote:
> Dale Macartney wrote:
>> Hi all
>>
>> I may be overlooking something here, but from what I can gather, the
>> value in the ipa config of "Default e-mail domain for new users" should
>> automatically create the mail attribute for said user upon creation?
>>
>> Do I need to do an additional step or something to activate the mail
>> attribute or is it missing?
>>
>> Any pointers on what I'm missing to mail-enable a user in ldap?
>>
>> Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6
>>
>> Output from ipa server as follows
>>
>> [root@ds01 ~]# ipa config-show
>> Max. username length: 32
>> Home directory base: /home
>> Default shell: /bin/bash
>> Default users group: ipausers
>> Default e-mail domain for new users: example.com
>> Search time limit: 2
>> Search size limit: 100
>> User search fields: uid,givenname,sn,telephonenumber,ou,title
>> Group search fields: cn,description
>> Enable migration mode: FALSE
>> Certificate Subject base: O=EXAMPLE.COM
>> Password Expiration Notification (days): 4
>> [root@ds01 ~]#
>>
>> [root@ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # testuser, users, accounts, example.com
>> dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
>> displayName: testuser 1
>> cn: testuser 1
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalperson
>> objectClass: inetorgperson
>> objectClass: inetuser
>> objectClass: posixaccount
>> objectClass: krbprincipalaux
>> objectClass: krbticketpolicyaux
>> objectClass: ipaobject
>> objectClass: mepOriginEntry
>> loginShell: /bin/bash
>> sn: 1
>> gecos: testuser 1
>> homeDirectory: /home/testuser
>> krbPwdPolicyReference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
>>  dc=com
>> krbPrincipalName: testu...@example.com
>> givenName: testuser
>> uid: testuser
>> initials: t1
>> uidNumber: 166864
>> gidNumber: 166864
>> ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
>> mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
>> krbPasswordExpiration: 20120831215158Z
>> krbLastPwdChange: 20120602215158Z
>> krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
>> krbExtraData:: AAgBAA==
>> krbLastSuccessfulAuth: 20120602215703Z
>> krbLoginFailedCount: 0
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> [root@ds01 ~]#
>
> It looks like it isn't creating the mail attribute by default. I opened ticket https://fedorahosted.org/freeipa/ticket/2810
>
> rob

Thanks for pointing out it wasn't me doing something silly ;-)

On thinking deeper onto the issue, perhaps it is beneficial not to have it done by default? e.g. if I have a mail server accepting mail for ldap lookups for mail entries, this would mean EVERYONE has a mailbox whereas that might not be beneficial in many situations..

In the AD side of things, a user has to be mail enabled, in order to become valid for mail purposes.

In this situation, I can manually add the mail address with "ipa user-mod --email=testu...@example.com" which does what I was needing.

There's a few reasons for and against having default email access for new users...

I'm just bouncing some ideas out loud at the moment. Thoughts?

Dale

Re: [Freeipa-users] mail entries not populated for users
Dale Macartney wrote:
> Hi all
>
> I may be overlooking something here, but from what I can gather, the
> value in the ipa config of "Default e-mail domain for new users" should
> automatically create the mail attribute for said user upon creation?
>
> Do I need to do an additional step or something to activate the mail
> attribute or is it missing?
>
> Any pointers on what I'm missing to mail-enable a user in ldap?
>
> Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6
>
> Output from ipa server as follows
>
> [root@ds01 ~]# ipa config-show
> Max. username length: 32
> Home directory base: /home
> Default shell: /bin/bash
> Default users group: ipausers
> Default e-mail domain for new users: example.com
> Search time limit: 2
> Search size limit: 100
> User search fields: uid,givenname,sn,telephonenumber,ou,title
> Group search fields: cn,description
> Enable migration mode: FALSE
> Certificate Subject base: O=EXAMPLE.COM
> Password Expiration Notification (days): 4
> [root@ds01 ~]#
>
> [root@ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
> # extended LDIF
> #
> # LDAPv3
> # base with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # testuser, users, accounts, example.com
> dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
> displayName: testuser 1
> cn: testuser 1
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetorgperson
> objectClass: inetuser
> objectClass: posixaccount
> objectClass: krbprincipalaux
> objectClass: krbticketpolicyaux
> objectClass: ipaobject
> objectClass: mepOriginEntry
> loginShell: /bin/bash
> sn: 1
> gecos: testuser 1
> homeDirectory: /home/testuser
> krbPwdPolicyReference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
>  dc=com
> krbPrincipalName: testu...@example.com
> givenName: testuser
> uid: testuser
> initials: t1
> uidNumber: 166864
> gidNumber: 166864
> ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
> mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
> krbPasswordExpiration: 20120831215158Z
> krbLastPwdChange: 20120602215158Z
> krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
> krbExtraData:: AAgBAA==
> krbLastSuccessfulAuth: 20120602215703Z
> krbLoginFailedCount: 0
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [root@ds01 ~]#

It looks like it isn't creating the mail attribute by default. I opened ticket https://fedorahosted.org/freeipa/ticket/2810

rob
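
Added example, not part of the original thread and not FreeIPA project code: since the thread turns on which accounts end up with a mail attribute (and so which ones an LDAP-backed mail server would accept), this sketch parses ldapsearch LDIF output, lists POSIX accounts that have no mail value, and builds the `ipa user-mod --email=` lines used as the workaround so they can be reviewed before anyone is mail-enabled. The sample entries (alice, bob) are constructed, the function names are hypothetical, and the login is passed as the positional argument of `ipa user-mod`.

```python
import shlex

# Constructed sample in ldapsearch LDIF form; alice and bob are not from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
objectClass: posixaccount
uid: alice
mail: alice@example.com

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
objectClass: posixaccount
krbPwdPolicyReference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
 dc=com
uid: bob

# search result
result: 0 Success
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry; attribute names lowercased."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]       # folded line: continuation of the previous one
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in [l for l in unfolded if not l.startswith("#")] + [""]:
        if line.strip():
            name, _, value = line.partition(":")
            current.setdefault(name.lower(), []).append(value.lstrip(": "))
        else:                              # blank line closes the entry
            entries += [current] if "dn" in current else []  # drops the result trailer
            current = {}
    return entries

def users_missing_mail(entries):
    """uids of POSIX accounts that have no mail attribute."""
    return [e["uid"][0] for e in entries
            if "posixaccount" in (c.lower() for c in e.get("objectclass", []))
            and "uid" in e and not e.get("mail")]

def mail_enable_commands(uids, domain):
    """One `ipa user-mod LOGIN --email=ADDR` line per account, for review before running."""
    return ["ipa user-mod %s --email=%s" % (shlex.quote(u), shlex.quote(u + "@" + domain))
            for u in uids]

if __name__ == "__main__":
    print("\n".join(mail_enable_commands(users_missing_mail(parse_ldif(SAMPLE_LDIF)), "example.com")))
```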