Hi,

As I mentioned earlier, I am creating a plugin. My plugin creates the following container:

    # postfixadmin, mailserver, etc, ipa.test
    dn: cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=test
    objectClass: top
    objectClass: nsContainer
    cn: postfixadmin

Domain entries are like this:

    # ipa.test, postfixadmin, mailserver, etc, ipa.test
    dn: cn=ipa.test,cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=test
    cn: ipa.test
    objectClass: postfixDomain
    objectClass: nsContainer
    objectClass: top

Mailboxes are under a domain:

    # francis, ipa.test, postfixadmin, mailserver, etc, ipa.test
    dn: uid=francis,cn=ipa.test,cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=test
    uid: francis
    givenName: francis
    sn: Medeiros-Logeay
    objectClass: postfixMailbox
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: inetUser
    objectClass: top
    objectClass: organizationalPerson
    cn: francis Medeiros-Logeay
    postfixMailAddress: [email protected]
    status: TRUE

And finally aliases:

    # testing, ipa.test, postfixadmin, mailserver, etc, ipa.test
    dn: uid=testing,cn=ipa.test,cn=postfixadmin,cn=mailserver,cn=etc,dc=ipa,dc=test
    uid: testing
    postfixMailDestination: [email protected]
    status: FALSE
    objectClass: postfixAlias
    objectClass: top
    postfixMailAlias: [email protected]

However, when using ldapsearch with a system user and using cn=postfixadmin,cn=mailserver,cn=etc,$SUFFIX, I only get the top container and the domain. I don’t get any of the other entries. Doing the same with an admin gives me all the entries below the mentioned DN.

I am confused about permissions, so I tried to add this to the class «Alias» on my plugin code:

    managed_permissions = {
        'System: Read Mail Data': {
            'ipapermlocation': DN(('cn', 'postfixadmin'), ('cn', 'mailserver'), ('cn', 'etc')),
            'ipapermbindruletype': 'annonymous',
            'ipapermtarget': DN(('cn', 'postfixadmin'), ('cn', 'mailserver'), ('cn', 'etc')),
            'replaces_global_anonymous_aci': True,
            'ipapermright': {'read', 'search', 'compare'},
            'ipapermdefaultattr': {
                'cn', 'objectclass', 'postfixMailAlias', 'postfixMailDestination', 'uid', 'dn'
            }
        }
    }

It doesn’t seem to help.

I also added an attribute to my users, called «postfixMailAddress». That attribute is also not visible to my system user, despite having added this to my code:

    user.managed_permissions = {**user.managed_permissions, **{
        'System: Read User Mail Attributes': {
            'ipapermbindruletype': 'all ',
            'ipapermright': {'read', 'search', 'compare'},
            'ipapermdefaultattr': {
                'postfixMailAddress', 'status', 'mailquota'
            },
            'System: Modify User Mail Attributes': {
                'ipapermbindruletype': 'permission',
                'ipapermright': {'write', 'add', 'delete'},
                'ipapermdefaultattr': {
                    'postfixMailAddress', 'status', 'mailquota'
                }
            }
        }
    }}

I’d love it if someone could please point me in the right direction to manage these permissions so that my binding user can see attributes and entries.

Best,
Francis
_______________________________________________
FreeIPA-users mailing list -- [email protected]
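
Added example, not part of the original message and not FreeIPA's own code: a small lint for managed_permissions dicts like the two quoted in the post, checking for an unrecognized ipapermbindruletype, a permission nested inside another permission, and 'dn' listed as an attribute. The set of accepted bind rule types is an assumption about FreeIPA's permission plugin, lint_managed_permissions is a hypothetical helper, and the sample dicts are reconstructed from the post with DN(...) replaced by plain strings.

```python
# Assumption: bind rule types accepted for FreeIPA managed permissions.
VALID_BIND_RULE_TYPES = {"permission", "all", "anonymous", "self"}


def lint_managed_permissions(perms):
    """Hypothetical helper: return (permission_name, problem) tuples."""
    problems = []
    for name, spec in perms.items():
        bind = spec.get("ipapermbindruletype")
        if bind is None:
            problems.append((name, "missing ipapermbindruletype"))
        elif bind not in VALID_BIND_RULE_TYPES:
            hint = " (stray whitespace)" if bind.strip() in VALID_BIND_RULE_TYPES else ""
            problems.append((name, f"unknown bind rule type {bind!r}{hint}"))
        for key, value in spec.items():
            # A dict value here is most likely a second permission nested by a misplaced brace.
            if isinstance(value, dict):
                problems.append((name, f"nested permission {key!r}"))
        if "dn" in {a.lower() for a in spec.get("ipapermdefaultattr", ())}:
            problems.append((name, "'dn' is not an entry attribute"))
    return problems


# Constructed from the two dicts in the post; DN(...) replaced by strings.
MAIL_ATTRS = {"postfixMailAddress", "status", "mailquota"}
ALIAS_PERMS = {
    "System: Read Mail Data": {
        "ipapermlocation": "cn=postfixadmin,cn=mailserver,cn=etc",
        "ipapermbindruletype": "annonymous",
        "ipapermtarget": "cn=postfixadmin,cn=mailserver,cn=etc",
        "replaces_global_anonymous_aci": True,
        "ipapermright": {"read", "search", "compare"},
        "ipapermdefaultattr": {"cn", "objectclass", "postfixMailAlias",
                               "postfixMailDestination", "uid", "dn"},
    }
}
USER_PERMS = {
    "System: Read User Mail Attributes": {
        "ipapermbindruletype": "all ",
        "ipapermright": {"read", "search", "compare"},
        "ipapermdefaultattr": MAIL_ATTRS,
        "System: Modify User Mail Attributes": {
            "ipapermbindruletype": "permission",
            "ipapermright": {"write", "add", "delete"},
            "ipapermdefaultattr": MAIL_ATTRS,
        },
    }
}
```

Calling lint_managed_permissions on each dict before loading the plugin lists the entries worth checking against the plugin source.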
