Hi,
I created a System Account as indicated at
https://www.freeipa.org/page/HowTo/LDAP#system-accounts and it works as expected (it is
used to perform LDAP bind for authentication in my email application). The problem comes
when I try to use it to read additional attributes (required by postfix-ldap) in my users,
for example, mailAlternateAddress (it is not able to read the attribute).
As a workaround, I created a "regular" LDAP user and assigned the
permissions/roles required, and it works; however, I don't think that a dedicated user
should be created to perform this task. Am I wrong?
Considering the scenario described, I have a couple of questions:
1. Is it possible to grant permissions to a System Account to read those attributes? (I
tried to add it to the roles/permissions using memberOf, but it didn't allow me to add
those attributes; I got a permissions error even though I used my admin account to run
ldapmodify.)
2. What would be the "correct" way to do the configuration? (I mean regular
user? other?)
Thanks