[Freeipa-users] Non-human users

Charlie Derwent shelltoesuperstar at gmail.com
Sat Feb 16 13:31:58 UTC 2013


Bit late to the conversation here, but if you want another example of a
quasi-system account within IPA, there is the need for a user to handle
automated enrollment/re-enrollment of servers.

Charlie


On Fri, Feb 15, 2013 at 11:32 PM, Brian Cook <bcook at redhat.com> wrote:

>
> On Feb 15, 2013, at 3:11 PM, Simo Sorce <simo at redhat.com> wrote:
>
> On Fri, 2013-02-15 at 17:34 -0500, Dmitri Pal wrote:
>
> On 02/15/2013 05:12 PM, John Dennis wrote:
>
> On 02/15/2013 04:54 PM, Orion Poplawski wrote:
>
> On 02/15/2013 02:34 PM, John Dennis wrote:
>
> On 02/15/2013 04:16 PM, Orion Poplawski wrote:
>
>
> Hmm, that is the filter in TB for me too, but:
>
>    [15/Feb/2013:11:17:21 -0700] conn=931 op=1 SRCH
> base="ou=people,dc=nwra,dc=com" scope=2
> filter="(|(mail=*apache*)(cn=*apache*)(givenName=*apache*)(sn=*apache*))"
>
> attrs="description notes title sn sn mozillaHomeLocalityName givenName
> mozillaHomeState mail mozillaWorkUrl workurl labeledURI o company
> mozillaNickname mozillaNickname mobile cellphone carphone
> modifyTimestamp
> nsAIMid nsAIMid telephoneNumber birthyear c c mozillaHomeStreet cn cn
> postalCode zip mozillaCustom1 custom1 mozillaHomeCountryName
> homePhone st
> region mozillaCustom2 custom2 mozillaSecondEmail mozillaSecondEmail
> facsimileTelephoneNumber facsimileTelephoneNumber mozillaCustom3
> custom3
> mozillaUseHtmlMail mozillaUseHtmlMail mozillaHomeStreet2 birthday
> street
> street postOfficeBox mozillaCustom4 custom4 mozillaHomeUrl homeurl
> l l pager
> pagerphone ou department departmentNumber orgunit birthmonth
> mozillaWorkStreet2 mozillaHomePostalCode objectClass"
>
> is what I see in the LDAP server log
>
>
> I don't know, beats me as to why there is no objectclass filter
> component.
> Perhaps TB is smart enough to know (objectclass=*) is effectively a
> no-op and
> ignores it when it builds the final filter.
>
> What happens if you set the TB filter to (objectclass=person)?
>
>
> Yup, then it adds it:
>
>
>
> filter="(&(objectClass=person)(|(mail=*apac*)(cn=*apac*)(givenName=*apac*)(sn=*apac*)))"
>
>
>
> O.K. I presume it's obvious the consequence of this little experiment
> is that if we do an RFE that results in removing the person
> objectclass from non-human users you'll have to configure a custom
> LDAP search filter in every client in your enterprise if you don't
> want them to see non-human users in their search results.
>
> Can it be managed via Puppet?
>
>
> Unlikely, thunderbird preferences are per user and stored in user
> preference files, which cannot be arbitrarily overridden.
>
>
> The following URL details a deployment method that configures thunderbird for
> address book in AD with a custom search string.  Maybe you can use it or it
> will inspire you as to how to accomplish your deployment.
>
> http://wpkg.org/Thunderbird#System-wide
>
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
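
Added example, not part of the original thread and not Thunderbird or FreeIPA code: a Python example that rebuilds the two filter shapes from the quoted log lines and evaluates them against constructed entries, showing which accounts an address-book search lists with and without the (objectClass=person) base filter. The function names, the sample entries and the RFC 4515 escaping of the typed term are assumptions of this example.

```python
# Added example. ENTRIES is constructed sample data, not a real directory.
SEARCH_ATTRS = ("mail", "cn", "givenName", "sn")  # attributes in the logged filter

def escape_filter_value(value):
    """Escape a typed search term per RFC 4515 so it cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(term, base_filter="(objectclass=*)"):
    """Reproduce the two filter shapes seen in the quoted server log."""
    safe = escape_filter_value(term)
    substr = "(|" + "".join("(%s=*%s*)" % (a, safe) for a in SEARCH_ATTRS) + ")"
    # Assumption taken from the thread: a base of (objectclass=*) is dropped.
    if base_filter.replace(" ", "").lower() == "(objectclass=*)":
        return substr
    return "(&%s%s)" % (base_filter, substr)

def matches(entry, term, required_class=None):
    """Apply the same logic to a dict entry, comparing case-insensitively."""
    classes = [c.lower() for c in entry.get("objectClass", [])]
    if required_class is not None and required_class.lower() not in classes:
        return False
    t = term.lower()
    return any(t in v.lower() for a in SEARCH_ATTRS for v in entry.get(a, []))

ENTRIES = [
    {"cn": ["Apache Smith"], "sn": ["Smith"], "objectClass": ["person"]},
    # Service account as it is today: still carries the person class.
    {"cn": ["apache"], "sn": ["apache"], "objectClass": ["person", "posixAccount"]},
    # Hypothetical result of the RFE: person class removed.
    {"cn": ["apache-svc"], "objectClass": ["account", "posixAccount"]},
]

def visible(term, required_class=None):
    """Names an address-book search would list for this term."""
    return [e["cn"][0] for e in ENTRIES if matches(e, term, required_class)]

if __name__ == "__main__":
    print(build_filter("apache"))
    print(visible("apac"))
    print(build_filter("apac", "(objectClass=person)"))
    print(visible("apac", "person"))
```

Only the entry without the person class drops out of the second search, and only because the client sends the (objectClass=person) base filter.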

