[Freeipa-users] modify schema - add group email and display attribute
Alexander Bokovoy
abokovoy at redhat.com
Thu Jan 19 14:22:34 UTC 2017
On to, 19 tammi 2017, Sandor Juhasz wrote:
>One more issue. Service user cannot see the new attribute. It does see the objectclass.
>
>ldif:
>dn: cn=schema
>changetype: modify
>add: objectclasses
>objectclasses: ( 1.3.6.1.4.1.49232.1.1
>NAME 'groupMail'
>SUP top
>STRUCTURAL
>MAY ( mail $ displayname )
>X-ORIGIN 'Extending FreeIPA' )
>
>Service user:
>uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld
>
>Regular user:
>uid=admin,cn=users,cn=accounts,dc=test,dc=tld
admin is not a regular user.
>They both see objectclass=groupmail, but uid=googlesync does not birng back
>mail and displyaname, while using ldapsearch.
Do you have an ACI that allows to actually see the attribute?
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list