[Freeipa-devel] [PATCH] 200 Ease zonemgr restrictions
Rob Crittenden
rcritten at redhat.com
Tue Jan 24 14:21:32 UTC 2012
Martin Kosek wrote:
> On Mon, 2012-01-23 at 15:46 -0500, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> Admin e-mail validator currently requires an email to be in
>>> a second-level domain (hostmaster at example.com). This is too
>>> restrictive. Top level domain e-mails (hostmaster at testrelm)
>>> should also be allowed.
>>>
>>> This patch also fixes default zonemgr value in help texts and man
>>> pages.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2272
>>
>> This fixes the problem of single component domain installation but it
>> does seem to really weaken the checking.
>>
>> For example, if you install with your domain as example.com you can set
>> the zonemgr e-mail to hostmaster at example.
>>
>> I don't want to make this too complex, just wanted another opinion.
>>
>> rob
>
> Good point. But if we want to allow top-level domain e-mails we'd need
> to allow e-mails like hostmaster at example. How would this situation be
> different from hostmaster at testrelm ? (This was the reported failing
> e-mail). Both e-mails are syntactically OK.
>
> Martin
>
The complex part I had in mind was comparing the domain in the e-mail
addr with the configured domain.

We need to be able to support when IPA is itself a subdomain but the
hostmaster is in the primary: domain=sub.example.com,
hostmaster at example.com.

It might also point somewhere else entirely, hostmaster at hosted.com.

Maybe we ensure that the e-mail address domain is equal to or a part of
the configured domain OR the domain is already resolvable?

So move right to left matching as it goes. Of course this would allow
hostmaster at com but we may just have to live with it.

rob
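
The check proposed in the message above, sketched as an added example that is not part of the original thread or of FreeIPA's code. The function name `zonemgr_domain_ok`, the injectable `resolves` callback, and the choice to treat any address record as "resolvable" are assumptions made for illustration.

```python
import socket


def _labels(domain):
    """Lower-cased DNS labels, rightmost (top-level) first; trailing dot ignored."""
    return list(reversed(domain.lower().rstrip(".").split(".")))


def _resolves(domain):
    """Default resolvability check (assumption: any address record counts)."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def zonemgr_domain_ok(email, configured_domain, resolves=_resolves):
    """Accept when the e-mail domain equals or is a parent of configured_domain,
    matched label by label from the right, or when it already resolves."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return False
    mail, conf = _labels(domain), _labels(configured_domain)
    if "" in mail:  # empty label, e.g. "example..com"
        return False
    # Right-to-left match: each label of the e-mail domain must line up with
    # the configured domain, starting at the top-level label.
    if len(mail) <= len(conf) and conf[:len(mail)] == mail:
        return True
    # Otherwise fall back to "the domain is already resolvable".
    return resolves(domain)
```

With a resolver that knows nothing, `hostmaster@example` is rejected for the configured domain `example.com`, while `hostmaster@com` is still accepted, which is the limitation the message says may have to be lived with.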