Hello Martin and List Thanks for the answer and Help.
I mean my big Problem is to understand the way to configure a ACI :-(. I can't found any example or docs to configure this correct :-(. I mean this is a problem for the professional LIGA in FreeIPA , and I am not a professional :-(.. I make this, for all LDAP configured Apps ipa group-add systemers --nonposix #group ipa pwpolicy-add systemers --maxlife=20000 --minclasses=3 --priority=0 #forever-passwords ipa user-add ldapbind --first=ldapbind --last=systemer --homedir=/ --gecos="" --shell=/usr/sbin/nologin --email="" --random #user This user (ldapbind) is only in group systemers But now I have to create for this user a ACI to read the uid, passwd,mail,mailAlternateAddress... mailAlternateAddress is in "objectClass mailrecipient" I mean I must have a ACI like access to attribute= ............ Have any a hint or link to understand this Problem? Thanks for a answer and help, Am Montag, 17. Oktober 2016, 07:35:26 schrieb Martin Babinsky: > On 10/16/2016 12:22 PM, Günther J. Niederwimmer wrote: > > Hello, > > > > IPA 4.3.1 > > > > I have a big Problem with my LDAP Read User (ldapbind) I like to install > > dovecot with IPA, but I must have "mailAternateAddress" I found a Plugin > > for this, but now I cant read this Attributes :-(. > > > > Is this the actual way to implement a System Account > > > > # ldapmodify -x -D 'cn=Directory Manager' -W > > dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com > > changetype: add > > objectclass: account > > objectclass: simplesecurityobject > > uid: system > > userPassword: secret123 > > passwordExpirationTime: 20380119031407Z > > nsIdleTimeout: 0 > > <blank line> > > ^D > > > > https://www.freeipa.org/page/HowTo/LDAP#System_Accounts > > > > The IPA Docs have no time stamp to found out, is this actual or old :-(. > > > > Thanks for a answer, > > Hi Gunther, > > that LDIF look ok to me. > > Do not forget that you must set up the correct ACIs in order for the > system account to see the 'mailAlternaleAddress' attribute. -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project