Most probably i don't. At least i have never created one, neither did this http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf refer anything like that.
How do i do it? Sándor Juhász System Administrator ChemAxon Ltd . Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031 Cell: +36704258964 From: "Alexander Bokovoy" <aboko...@redhat.com> To: "Sandor Juhasz" <sjuh...@chemaxon.com> Cc: freeipa-users@redhat.com Sent: Thursday, January 19, 2017 3:22:34 PM Subject: Re: [Freeipa-users] modify schema - add group email and display attribute On to, 19 tammi 2017, Sandor Juhasz wrote: >One more issue. Service user cannot see the new attribute. It does see the >objectclass. > >ldif: >dn: cn=schema >changetype: modify >add: objectclasses >objectclasses: ( 1.3.6.1.4.1.49232.1.1 >NAME 'groupMail' >SUP top >STRUCTURAL >MAY ( mail $ displayname ) >X-ORIGIN 'Extending FreeIPA' ) > >Service user: >uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld > >Regular user: >uid=admin,cn=users,cn=accounts,dc=test,dc=tld admin is not a regular user. >They both see objectclass=groupmail, but uid=googlesync does not birng back >mail and displyaname, while using ldapsearch. Do you have an ACI that allows to actually see the attribute? -- / Alexander Bokovoy
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
