LDAP Resolver with email tokens doesn't use LDAP "mail" attribute

jmdeking

Jun 6, 2016, 10:02:53 AM
to privacyidea
Hi There,

I made an LDAP resolver so everyone can log in to the server and assign an email token. Only problem for me is that the email from LDAP is not automatically filled in.
Is there any way to make this happen?

Kind Regards,
Johan

Cornelius Kölbel

Jun 6, 2016, 10:05:03 AM
to priva...@googlegroups.com
Hi Johan,

please be more specific about "automatically".
Please see:
https://www.privacyidea.org/getting-help/

If you configured everything all right you can select one of the multiple
email addresses the user can have in LDAP.

Kind regards
Cornelius
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
> which suits your needs for SECURITY, AVAILABILITY and LIABILITY:
> https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> Visit this group at https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/f2864fcc-8e1d-4ce0-ab7a-50cceef815bc%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel



jmdeking

Jun 6, 2016, 10:05:37 AM
to privacyidea
Or make it possible to restrict users from sending email tokens to external domains outside of our reach.

On Monday, June 6, 2016 at 16:02:53 UTC+2, jmdeking wrote:

Cornelius Kölbel

Jun 6, 2016, 10:10:09 AM
to priva...@googlegroups.com
You should consider another approach!
Why should the user enroll an email token himself?

Why don't you create a script that creates an email token for each user,
who does not already have a token?

In this case you do not need to bother about the user.
You do not need to take care about any misconfiguration, the user may
do!

Kind regards
Cornelius

jmdeking

Jun 6, 2016, 10:49:54 AM
to privacyidea
I want the user to choose its own authentication method, either by SMS or by email.

But when logging in as an AD user, my email address extracted from the "mail" attribute in LDAP is not automatically filled in the "email address" field in privacyIDEA when enrolling the token.

For ease of use I want this to be already filled in and I want to lock it down.


On Monday, June 6, 2016 at 16:10:09 UTC+2, Cornelius Kölbel wrote:

Cornelius Kölbel

Jun 6, 2016, 11:11:29 AM
to priva...@googlegroups.com
Hi Johan,

this is not configurable.
We could add an extra policy or setting for this token type to do so.
This would be the same for SMS.
If it is important to you, please state a feature request on github
https://github.com/privacyidea/privacyidea/issues

Or: You can enroll an email token AND an SMS token to each user right
away!

Kind regards
Cornelius

jmdeking

Jun 6, 2016, 11:23:18 AM
to privacyidea
Thanks a lot for your clear response.

How would one go about to enroll email and sms to everyone? 

On Monday, June 6, 2016 at 17:11:29 UTC+2, Cornelius Kölbel wrote:

Cornelius Kölbel

Jun 6, 2016, 11:35:54 AM
to priva...@googlegroups.com
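The script suggested earlier in the thread, extended to the closing question of enrolling both an email and an SMS token for everyone, as an added example that is not part of the original thread or privacyIDEA's own code: it plans the enrollment requests from resolver data, taking the address only from the directory's mail attribute and only from allowed domains. The payload field names (`type`, `user`, `realm`, `genkey`, `email`, `phone`) are assumed to match the `/token/init` REST endpoint of the installed privacyIDEA version; `ALLOWED_DOMAINS`, the function names, the realm name and the sample users are hypothetical.

```python
# Added example; field names assumed to match privacyIDEA's /token/init parameters.
ALLOWED_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains

def pick_internal_mail(mail_attr, allowed=ALLOWED_DOMAINS):
    """Return the first well-formed address in an allowed domain, else None.
    LDAP 'mail' may be single- or multi-valued, so accept str or list."""
    values = [mail_attr] if isinstance(mail_attr, str) else list(mail_attr or [])
    for addr in values:
        addr = addr.strip()
        if addr.count("@") != 1 or any(c.isspace() for c in addr):
            continue  # malformed: never hand it to the mail gateway
        local, domain = addr.split("@")
        if local and domain.lower() in allowed:  # exact match, no suffix tricks
            return addr
    return None

def plan_enrollments(users, existing, realm):
    """users: resolver-style dicts; existing: {username: set of token types}.
    Returns (payloads for token init, skipped [(username, type, reason)])."""
    payloads, skipped = [], []
    for user in users:
        name = user["username"]
        have = existing.get(name, set())
        base = {"user": name, "realm": realm, "genkey": 1}
        if "email" not in have:
            mail = pick_internal_mail(user.get("email"))
            if mail:
                payloads.append(dict(base, type="email", email=mail))
            else:
                skipped.append((name, "email", "no address in an allowed domain"))
        if "sms" not in have:
            phone = (user.get("mobile") or "").strip()
            if phone:
                payloads.append(dict(base, type="sms", phone=phone))
            else:
                skipped.append((name, "sms", "no mobile number in directory"))
    return payloads, skipped

# Constructed sample data, not taken from a real directory.
SAMPLE_USERS = [
    {"username": "alice", "email": ["alice@mail.example", "alice@example.com"], "mobile": "+49 170 0000001"},
    {"username": "bob", "email": "bob@external.example", "mobile": ""},
    {"username": "carol", "email": "carol@EXAMPLE.com", "mobile": "+49 170 0000003"},
]
SAMPLE_EXISTING = {"carol": {"email"}}  # carol already has an email token

if __name__ == "__main__":
    for item in sum(plan_enrollments(SAMPLE_USERS, SAMPLE_EXISTING, "corp"), []):
        print(item)
```

Because the address comes from the directory rather than from user input, the skipped list doubles as a report of accounts whose LDAP data needs fixing before they can receive a token.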