[Freeipa-users] Domain/realm as a TLD and email validation error

Petr Spacek pspacek at redhat.com
Wed Feb 10 08:23:33 UTC 2016


On 10.2.2016 09:18, Alexander Bokovoy wrote:
> On Wed, 10 Feb 2016, Jérôme Fenal wrote:
>> Hi all,
>>
>> Installing an IPA instance with domain/realm as a TLD, in my case
>> "internal", works fine.
>>
>> Until I try to add a user within the domain, using the web interface,
>> which fails with the following error:
>>
>> IPA Error 3009: ValidationError
>>
>> invalid 'email': invalid e-mail format: jf at internal
>>
>> The same error happens using "ipa user-add" when the
>> --email=mail at redhat.com is not specified.
>>
>> Can we overcome/circumvent this error in the UI?
>>
>> Or should we recommend against using TLD or one domain component domains?
> See
> https://www.redhat.com/archives/freeipa-users/2015-August/msg00078.html
> for inspiration.

Hold on!

Use of made-up domains is inherently broken and recommended against by
official documentation:

Please see

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/prerequisites.html#dns-reqs

and also

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_DNS_Traffic_with_DNSSEC.html#sec-Recommended_Naming_Practices


Long story short, do not use anything other than a domain you actually bought.

-- 
Petr^2 Spacek
