Hi, I created a System Account as indicated at https://www.freeipa.org/page/HowTo/LDAP#system-accounts and it works as expected (it is used to perform LDAP bind for authentication in my email application). The problem comes when I try to use it to read additional attributes (required by postfix-ldap) in my users, for example, mailAlternateAddress (it is not able to read the attribute).
As a workaround, I created a "regular" LDAP user and assigned the permissions/roles required, and it works; however, I don't think that a dedicated user should be created to perform this task. Am I wrong?

Considering the scenario described, I have a couple of questions:

1. Is it possible to grant permissions to a System Account to read those attributes? (I tried to add it to the roles/permissions using memberOf, but it didn't allow me to add those attributes; I got a permissions error even if I used my admin account to run ldapmodify.)
2. What would be the "correct" way to do the configuration? (I mean regular user? Other?)

Thanks

--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue