[Freeipa-users] mail entries not populated for users

Rob Crittenden rcritten at redhat.com
Tue Jun 5 13:21:02 UTC 2012


Dale Macartney wrote:
>
> On 05/06/12 14:09, Rob Crittenden wrote:
>> Dale Macartney wrote:
>>>
>>> Hi all
>>>
>>> I may be overlooking something here, but from what I can gather, the
>>> value in the ipa config of "Default e-mail domain for new users" should
>>> automatically create the mail attribute for said user upon creation?
>>>
>>> Do I need to do an additional step or something to activate the mail
>>> attribute or is it missing?
>>>
>>> Any pointers on what I'm missing to mail-enable a user in ldap?
>>>
>>>
>>> Running RHEL 6.2 x86_64 with ipa-server 2.1.3-9.el6
>>>
>>> Output from ipa server as follows
>>>
>>> [root@ds01 ~]# ipa config-show
>>> Max. username length: 32
>>> Home directory base: /home
>>> Default shell: /bin/bash
>>> Default users group: ipausers
>>> Default e-mail domain for new users: example.com
>>> Search time limit: 2
>>> Search size limit: 100
>>> User search fields: uid,givenname,sn,telephonenumber,ou,title
>>> Group search fields: cn,description
>>> Enable migration mode: FALSE
>>> Certificate Subject base: O=EXAMPLE.COM
>>> Password Expiration Notification (days): 4
>>> [root@ds01 ~]#
>>>
>>>
>>>
>>> [root@ds01 ~]# ldapsearch -x -b dc=example,dc=com -P 3 -b
>>> "uid=testuser,cn=users,cn=accounts,dc=example,dc=com"
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base<uid=testuser,cn=users,cn=accounts,dc=example,dc=com>  with scope
>>> subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # testuser, users, accounts, example.com
>>> dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
>>> displayName: testuser 1
>>> cn: testuser 1
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalperson
>>> objectClass: inetorgperson
>>> objectClass: inetuser
>>> objectClass: posixaccount
>>> objectClass: krbprincipalaux
>>> objectClass: krbticketpolicyaux
>>> objectClass: ipaobject
>>> objectClass: mepOriginEntry
>>> loginShell: /bin/bash
>>> sn: 1
>>> gecos: testuser 1
>>> homeDirectory: /home/testuser
>>> krbPwdPolicyReference:
>>> cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
>>> dc=com
>>> krbPrincipalName: testuser@EXAMPLE.COM
>>> givenName: testuser
>>> uid: testuser
>>> initials: t1
>>> uidNumber: 1668600004
>>> gidNumber: 1668600004
>>> ipaUniqueID: 0d620620-acfd-11e1-943c-52540025e829
>>> mepManagedEntry: cn=testuser,cn=groups,cn=accounts,dc=example,dc=com
>>> krbPasswordExpiration: 20120831215158Z
>>> krbLastPwdChange: 20120602215158Z
>>> krbExtraData:: AAL+ispPdGVzdHVzZXJARVhBTVBMRS5DT00A
>>> krbExtraData:: AAgBAA==
>>> krbLastSuccessfulAuth: 20120602215703Z
>>> krbLoginFailedCount: 0
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>> [root@ds01 ~]#
>>
>> It looks like it isn't creating the mail attribute by default. I opened
>> ticket https://fedorahosted.org/freeipa/ticket/2810
>>
>> rob
>
> Thanks for pointing out it wasn't me doing something silly ;-)
>
> On thinking deeper about the issue, perhaps it is beneficial not to have
> it done by default? e.g. if I have a mail server accepting mail for ldap
> lookups for mail entries, this would mean EVERYONE has a mailbox whereas
> that might not be beneficial in many situations..
>
> In the AD side of things, a user has to be mail enabled, in order to
> become valid for mail purposes.
>
> In this situation, I can manually add the mail address with "ipa
> user-mod --email=testuser@example.com" which does what I was needing.
>
> There's a few reasons for and against having default email access for new
> users...
>
> I'm just bouncing some ideas out loud at the moment. Thoughts?
>

Our intention was to automatically populate the field if the default 
e-mail domain was set. If it wasn't then we'd do nothing.

rob
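
As an added illustration (not part of the original thread and not FreeIPA's own code): a small Python audit that parses `ldapsearch` LDIF like the output quoted above and lists POSIX users that have no `mail` attribute, together with the address the configured default domain would give them. The sample LDIF, the `mailuser` entry and the function names are constructed for this example; the `uid@domain` form follows the address used in the thread.

```python
import base64

# Constructed sample modeled on the ldapsearch output in the thread; the
# second entry (mailuser) is invented for contrast.
SAMPLE_LDIF = """\
dn: uid=testuser,cn=users,cn=accounts,dc=example,dc=com
objectClass: inetorgperson
objectClass: posixaccount
krbPwdPolicyReference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,
 dc=com
krbExtraData:: AAgBAA==
uid: testuser

dn: uid=mailuser,cn=users,cn=accounts,dc=example,dc=com
objectClass: posixaccount
uid: mailuser
mail: mailuser@example.com
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():                # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"): # skip malformed and comment lines
            continue
        if value.startswith(":"):           # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip())
        else:
            value = value.strip()
        current.setdefault(attr.lower(), []).append(value)
    return entries

def missing_mail(entries, default_domain):
    """Return {uid: would-be address} for POSIX users with no mail attribute."""
    return {e["uid"][0]: f"{e['uid'][0]}@{default_domain}" for e in entries
            if "uid" in e and "mail" not in e
            and "posixaccount" in (str(v).lower() for v in e.get("objectclass", []))}
```

Running `missing_mail(parse_ldif(ldif_text), "example.com")` over a subtree export shows which accounts an MTA doing LDAP lookups on `mail` would currently reject, and which addresses would appear if the default domain were applied.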



