[Freeipa-users] Non-human users
Brian Cook
bcook at redhat.com
Fri Feb 15 21:09:26 UTC 2013
On Feb 15, 2013, at 1:02 PM, John Dennis <jdennis at redhat.com> wrote:
> On 02/15/2013 03:57 PM, Orion Poplawski wrote:
>> On 02/15/2013 01:56 PM, John Dennis wrote:
>>> On 02/15/2013 03:46 PM, Simo Sorce wrote:
>>>> This is an interesting use case, it would probably be appropriate to
>>>> have a RFE filed to allow to create ipa users marked as 'non-person' so
>>>> that they are not assigned the person objectclass.
>>>
>>> Yes, that addresses one large component of the problem. But the part of the
>>> requirement is not to have non-humans show up in every client (e.g. mail
>>> clients) that support LDAP directory lookups. That means they have to modify
>>> the filter on every client. That's a tall order :-(
>>>
>>
>> Actually, this would cover it. The LDAP address book searches look for
>> attributes that the *person objectclasses provide. Without them, they are
>> excluded.
>
> Interesting, before I replied I checked the filter in my Thunderbird client and it's set to (objectclass=*). I don't know if I modified it as some point or if it's the default, I assumed it's the default. I suspect it's the default filter for many clients.
>
I think maybe he means that he is putting a custom search string in the address books that filters out objects that don't have attributes that *person object classes provide, but that doesn't work unless you can keep those attributes from being assigned to non-person accounts in freeipa.
-Brian
>
> --
> John Dennis <jdennis at redhat.com>
>
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list