[Freeipa-users] mail entries not populated for users

Dale Macartney dale at themacartneyclan.com
Tue Jun 5 13:14:44 UTC 2012


On 05/06/12 14:09, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> Hi all
>>
>> I may be overlooking something here, but from what I can gather, the
>> value in the ipa config of "Default e-mail domain for new users" should
>> automatically create the mail attribute for said user upon creation?
>>
>> Do I need to do an additional step or something to activate the mail
>> attribute or is it missing?
>>
>> Any pointers on what I'm missing to mail-enable a user in ldap?
>>
>>
>> Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6
>>
>> Output from ipa server as follows
>>
>> [root at ds01 ~]# ipa config-show
>> Max. username length: 32
>> Home directory base: /home
>> Default shell: /bin/bash
>> Default users group: ipausers
>> Default e-mail domain for new users: example.com
>> Search time limit: 2
>> Search size limit: 100
>> User search fields: uid,givenname,sn,telephonenumber,ou,title
>> Group search fields: cn,description
>> Enable migration mode: FALSE
>> Certificate Subject base: O=EXAMPLE.COM
>> Password Expiration Notification (days): 4
>> [root at ds01 ~]#
>>
>>
>>
>> [root at ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b
>> "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
>> # extended LDIF
>> #
>> # LDAPv3
>> # base<uid=testuser,cn=users,cn=accounts,dc=example,dc=com> with scope
>> subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # testuser, users, accounts, example.com
>> dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
>> displayName: testuser 1
>> cn: testuser 1
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalperson
>> objectClass: inetorgperson
>> objectClass: inetuser
>> objectClass: posixaccount
>> objectClass: krbprincipalaux
>> objectClass: krbticketpolicyaux
>> objectClass: ipaobject
>> objectClass: mepOriginEntry
>> loginShell: /bin/bash
>> sn: 1
>> gecos: testuser 1
>> homeDirectory: /home/testuser
>> krbPwdPolicyReference:
>> cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
>> dc=com
>> krbPrincipalName: testuser at EXAMPLE.COM
>> givenName: testuser
>> uid: testuser
>> initials: t1
>> uidNumber: 1668600004
>> gidNumber: 1668600004
>> ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
>> mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
>> krbPasswordExpiration: 20120831215158Z
>> krbLastPwdChange: 20120602215158Z
>> krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
>> krbExtraData:: AAgBAA==
>> krbLastSuccessfulAuth: 20120602215703Z
>> krbLoginFailedCount: 0
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>> [root at ds01 ~]#
>
> It looks like it isn't creating the mail attribute by default. I opened
> ticket https://fedorahosted.org/freeipa/ticket/2810
>
> rob

Thanks for pointing out it wasn't me doing something silly ;-)

On thinking deeper onto the issue, perhaps it is beneficial not to have
it done by default? e.g. if I have a mail server accepting mail for ldap
lookups for mail entries, this would mean EVERYONE has a mailbox whereas
that might not be beneficial in many situations.

In the AD side of things, a user has to be mail enabled, in order to
become valid for mail purposes.

In this situation, I can manually add the mail address with "ipa
user-mod --email=testuser at example.com" which does what I was needing.

There's a few reasons for and against having default email access for new
users...

I'm just bouncing some ideas out loud at the moment. Thoughts?

Dale



