[Freeipa-users] Non-human users
Orion Poplawski
orion at cora.nwra.com
Fri Feb 15 22:35:29 UTC 2013
On 02/15/2013 03:12 PM, John Dennis wrote:
> On 02/15/2013 04:54 PM, Orion Poplawski wrote:
>> On 02/15/2013 02:34 PM, John Dennis wrote:
>>> What happens if you set the TB filter to (objectclass=person)?
>>>
>>
>> Yup, then it adds it:
>>
>>
>> filter="(&(objectClass=person)(|(mail=*apac*)(cn=*apac*)(givenName=*apac*)(sn=*apac*)))"
>>
>>
>
> O.K. I presume it's obvious the consequence of this little experiment is that
> if we do an an RFE that results in removing the person objectclass from
> non-human users you'll have to configure a custom LDAP search filter in every
> client in your enterprise if you don't want them to see non-human users in
> their search results.
>
Well, it at least doesn't present an email during auto completion (since there
is none), but an empty address book entry is returned during and address book
search.
Hopefully can be set with Mozilla Enterprise deployment tools.
And at least such a possibility would exist.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list