[Freeipa-users] Why are some user's information not stored in the LDAP database?

Sumit Bose sbose at redhat.com
Fri Oct 16 14:40:33 UTC 2015


On Fri, Oct 16, 2015 at 04:01:08PM +0200, Fujisan wrote:
> Yes, sorry, you're right. It works. I was using the wrong command:
> 
> $ ldapsearch -x -h localhost uid=smith
> 
> instead of
> 
> $ ldapsearch -x -h localhost -D cn=directory\ manager -W -b
> cn=users,cn=accounts,dc=example,dc=test uid=smith
> 

Fuji, David, please keep in mind that the Directory Manager account
really can read everything in the LDAP tree and should be used with
great care. While it is ok to use it to check if a specific attribute is
set or not, it should not be used in the configuration of other
applications to access the directory server.

The mail attribute is protected by an ACI which allows access for
"ldap:///all", i.e. all authenticated users. So you do not have to use
the Directory Manager to read the attribute but any other account will
work as well, e.g.

$ ldapsearch -x -h localhost uid=smith -D uid=smith,cn=users,cn=accounts,dc=example,dc=test -W

should display the mail attribute as well after entering the password
for smith.

HTH

bye,
Sumit

> 
> 
> 
> On Fri, Oct 16, 2015 at 3:52 PM, David Kupka <dkupka at redhat.com> wrote:
> 
> > On 16/10/15 15:26, Fujisan wrote:
> >
> >> Hello,
> >>
> >> When I enter the email address, the phone number or the mailing address of
> >> ipa user 'smith' in the web ui "Identity/Users/smith", it does not appears
> >> in the output of ldapsearch.
> >> Sendmail can look into the ldap database and get the email address of a
> >> user and send mail to that user.
> >>
> >> Is it possible to add those info especially the email address in the ldap
> >> database?
> >>
> >> Regards,
> >> Fuji.
> >>
> >>
> >>
> >>
> > Hello,
> > I just tried and it worked as expected. Could you post your ldapsearch and
> > its result?
> >
> > $ ldapsearch -D"cn=Directory Manager" -w Secret123 -h localhost -b
> > cn=users,cn=accounts,dc=example,dc=test uid=tuser1
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <cn=users,cn=accounts,dc=example,dc=test> with scope subtree
> > # filter: uid=tuser1
> > # requesting: ALL
> > #
> >
> > # tuser1, users, accounts, example.test
> > dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=test
> > displayName: Test User
> > uid: tuser1
> > objectClass: ipaobject
> > objectClass: person
> > objectClass: top
> > objectClass: ipasshuser
> > objectClass: inetorgperson
> > objectClass: organizationalperson
> > objectClass: krbticketpolicyaux
> > objectClass: krbprincipalaux
> > objectClass: inetuser
> > objectClass: posixaccount
> > objectClass: ipaSshGroupOfPubKeys
> > objectClass: mepOriginEntry
> > loginShell: /bin/sh
> > initials: TU
> > gecos: Test User
> > sn: User
> > homeDirectory: /home/tuser1
> > mail: tuser1 at example.test
> > krbPrincipalName: tuser1 at EXAMPLE.TEST
> > givenName: Test
> > cn: Test User
> > ipaUniqueID: 0c246a30-740c-11e5-986e-001a4a231292
> > uidNumber: 383200003
> > gidNumber: 383200003
> > mepManagedEntry: cn=tuser1,cn=groups,cn=accounts,dc=example,dc=test
> > memberOf: cn=ipausers,cn=groups,cn=accounts,dc=example,dc=test
> >
> > # search result
> > search: 2
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> > --
> > David Kupka
> >

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
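Sumit's point above is that an ACI whose subject is "ldap:///all" grants read access to any authenticated bind, so an application only needs an ordinary account, never the Directory Manager. The following is an added example, not code from this thread or from FreeIPA: a toy evaluator for the 389 Directory Server ACI subject keywords (userdn = "ldap:///anyone", "ldap:///all", "ldap:///self") plus a check that flags a configured bind DN of cn=Directory Manager. The ACI string, the DNs and every function name here are constructed for illustration; FreeIPA's real ACIs are longer and the real server evaluates deny rules, groupdn, targetfilter and other keywords that this evaluator deliberately ignores.

```python
import re
from typing import Optional

# Added example (not FreeIPA code). Evaluates a small subset of the
# 389 Directory Server ACI syntax, enough to show what "ldap:///all" means.
# Deny rules, groupdn/roledn, targetfilter etc. are outside this subset.

# Constructed ACI in 389-DS style; not FreeIPA's actual rule.
CONTACT_ACI = (
    '(targetattr = "mail || telephoneNumber || postalAddress")'
    '(version 3.0; acl "Read user contact attributes (constructed example)"; '
    'allow (read, search, compare) userdn = "ldap:///all";)'
)

SMITH_DN = "uid=smith,cn=users,cn=accounts,dc=example,dc=test"  # constructed
JONES_DN = "uid=jones,cn=users,cn=accounts,dc=example,dc=test"  # constructed

ACI_RE = re.compile(
    r'\(targetattr\s*=\s*"(?P<attrs>[^"]+)"\)'
    r'\s*\(version 3\.0;\s*acl\s+"(?P<name>[^"]+)";\s*'
    r'allow\s*\((?P<rights>[^)]+)\)\s*'
    r'userdn\s*=\s*"(?P<userdn>[^"]+)";\s*\)',
    re.IGNORECASE,
)


def parse_aci(aci: str) -> dict:
    """Split one allow-rule ACI into target attributes, rights and subject."""
    m = ACI_RE.match(aci.strip())
    if not m:
        raise ValueError("unsupported ACI syntax: %r" % aci)
    return {
        "attrs": {a.strip().lower() for a in m.group("attrs").split("||")},
        "name": m.group("name"),
        "rights": {r.strip().lower() for r in m.group("rights").split(",")},
        "userdn": m.group("userdn").strip().lower(),
    }


def can_read(aci: dict, attr: str, bind_dn: Optional[str], entry_dn: str) -> bool:
    """True if a bind as bind_dn (None = anonymous) may read attr on entry_dn."""
    if attr.lower() not in aci["attrs"] or "read" not in aci["rights"]:
        return False
    subject = aci["userdn"]
    if subject == "ldap:///anyone":
        return True                       # anonymous binds included
    if subject == "ldap:///all":
        return bind_dn is not None        # any authenticated bind, whoever it is
    if subject == "ldap:///self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return False                          # keyword outside this toy's subset


def uses_directory_manager(bind_dn: str) -> bool:
    """Flag a bind DN that is the Directory Manager, however spelled or escaped."""
    normalized = re.sub(r"\s+", " ", bind_dn.replace("\\ ", " ")).strip().lower()
    return normalized == "cn=directory manager"


def audit_app_bind(bind_dn: Optional[str], entry_dn: str, attr: str = "mail") -> str:
    """One-line verdict for the bind DN an application has been configured with."""
    aci = parse_aci(CONTACT_ACI)
    if bind_dn is not None and uses_directory_manager(bind_dn):
        return "REJECT: Directory Manager bypasses ACIs; use a dedicated account"
    if can_read(aci, attr, bind_dn, entry_dn):
        return "OK: %s readable via ACI %r" % (attr, aci["name"])
    return "DENIED: %s not readable with this bind" % attr


if __name__ == "__main__":
    for dn in (None, SMITH_DN, JONES_DN, "cn=Directory Manager"):
        print("%-50s %s" % (dn or "(anonymous)", audit_app_bind(dn, SMITH_DN)))
```

Run as a script it prints one verdict per bind: the anonymous bind is denied, both smith and the unrelated user jones may read smith's mail attribute, and a Directory Manager bind is rejected outright, which is exactly the distinction the thread draws between "ldap:///all" and an account that bypasses ACIs.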



