[Freeipa-users] Non-human users

Orion Poplawski orion at cora.nwra.com
Fri Feb 15 23:07:52 UTC 2013


On 02/15/2013 04:06 PM, Orion Poplawski wrote:
> On 02/15/2013 04:03 PM, Simo Sorce wrote:
>> On Fri, 2013-02-15 at 17:12 -0500, John Dennis wrote:
>>> On 02/15/2013 04:54 PM, Orion Poplawski wrote:
>>>> Yup, then it adds it:
>>>>
>>>>
>>>> filter="(&(objectClass=person)(|(mail=*apac*)(cn=*apac*)(givenName=*apac*)(sn=*apac*)))"
>>>>
>>>>
>>>
>>> O.K. I presume it's obvious the consequence of this little experiment is
>>> that if we do an RFE that results in removing the person objectclass
>>> from non-human users you'll have to configure a custom LDAP search
>>> filter in every client in your enterprise if you don't want them to see
>>> non-human users in their search results.
>>
>> Not really, without the person objectclass none of the attributes
>> thunderbird searches by default would be part of the user object, so the
>> user would *not* show up.
>>
>> So the RFE would perfectly solve also the requirement these 'non-person'
>> users do not show up in thunderbird.
>>
>> Simo.
>>
>
> posixAccount must have "cn".
>
>

That said, there are still other (and arguably more important) reasons for 
this RFE.


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com
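
An added illustration, not part of the original messages: a minimal evaluator for the search filter quoted above, run over constructed directory entries, showing which clause decides whether an account is returned. The entry names, their attribute values and the second filter (the same search without the objectClass clause) are assumptions made for the example.

```python
import re

def parse(f, i=0):
    """Parse one RFC 4515 filter starting at f[i]; return (node, next_index)."""
    assert f[i] == "("
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ")"
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive matching)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    # "*" is the substring wildcard; everything else is matched literally.
    pattern = ".*".join(re.escape(p) for p in value.split("*"))
    return any(re.fullmatch(pattern, v, re.I | re.S) for v in entry.get(attr, []))

# Filter as quoted in the thread.
PAGE_FILTER = ("(&(objectClass=person)(|(mail=*apac*)(cn=*apac*)"
               "(givenName=*apac*)(sn=*apac*)))")
# Constructed: the same search without the objectClass clause.
NO_CLASS_FILTER = "(|(mail=*apac*)(cn=*apac*)(givenName=*apac*)(sn=*apac*))"

# Constructed entries; attribute names are stored lowercased.
ENTRIES = {
    "jdoe": {"objectclass": ["person", "posixAccount"], "cn": ["Jane Doe"],
             "sn": ["Doe"], "mail": ["jdoe@apac.example.com"]},
    "apache-with-person": {"objectclass": ["person", "posixAccount"],
                           "cn": ["apache"], "sn": ["apache"]},
    "apache-posix-only": {"objectclass": ["posixAccount"], "cn": ["apache"]},
}

def search(filter_text):
    """Return the names of the entries the filter selects, in insertion order."""
    node, _ = parse(filter_text)
    return [name for name, entry in ENTRIES.items() if matches(node, entry)]

if __name__ == "__main__":
    print(search(PAGE_FILTER))      # posix-only account is excluded
    print(search(NO_CLASS_FILTER))  # posix-only account matches through cn
```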



