[Freeipa-users] Change default email format

Alexander Bokovoy abokovoy at redhat.com
Wed Aug 5 19:29:15 UTC 2015

On Mon, 03 Aug 2015, Justean wrote:
>Good morning, I was wondering if there is a way to change the way
>freeipa builds a user's email address by default. Currently it takes
>the username and appends the domain name but I would like it to take
>the form firstname.lastname at domainname.com
It is not possible to redefine email's format via configuration so you
need to write some code. Luckily, you can amend existing code without
touching it.

Below is an example:
from ipalib.plugins.user import user_add

def override_default_mail_cb(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
    if not 'mail' in entry_attrs:
         name = {'givenname': entry_attrs.get('givenname').lower(),
                 'sn': entry_attrs.get('sn').lower()}
         mail = "{givenname}.{sn}".format(**name)
         entry_attrs['mail'] = self.obj.normalize_and_validate_email(mail)
    return dn

user_add.register_pre_callback(override_default_mail_cb, first=True)

What this Python code does? It adds a callback to user-add method in IPA
that is run before other callbacks (first=True). The callback is then
checks if mail attribute was already specified by the administrator
when calling 'ipa user-add' (Web UI calls this for you). If not, it
derives mail format from lower-cased versions of first and last names of
the user (known as 'givenname' and 'sn' attributes in LDAP
correspondingly). It then sets mail attribute to a full email format via
self.obj.normalize_and_validate_email() function which will pick up the
default DNS domain value and construct correct email.

You need to maintain this plugin extension on all IPA masters used for
creating users. Best way to do that is by packaging the plugin in an RPM
and installing it on IPA masters.

You also need to restart httpd service on IPA master to apply the

It is used like this:

# systemctl restart httpd
# ipa user-add some.user --first Some --last User 
Added user "some.user"
  User login: some.user
  First name: Some
  Last name: User
  Full name: Some User
  Display name: Some User
  Initials: SU
  Home directory: /home/some.user
  GECOS: Some User
  Login shell: /bin/sh
  Kerberos principal: some.user at EXAMPLE.COM
  Email address: some.user at example.com
  UID: 1634400022
  GID: 1634400022
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

# ipa user-add another.user --first Another --last User --email a.user
Added user "another.user"
  User login: another.user
  First name: Another
  Last name: User
  Full name: Another User
  Display name: Another User
  Initials: AU
  Home directory: /home/another.user
  GECOS: Another User
  Login shell: /bin/sh
  Kerberos principal: another.user at EXAMPLE.COM
  Email address: a.user at example.com
  UID: 1634400021
  GID: 1634400021
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

Command line options and LDAP attribute names are not always the same.
You can use 'ipa show-mappings user-add' to see how CLI options map to
LDAP attributes.

/ Alexander Bokovoy

More information about the Freeipa-users mailing list