I am planning two customizations to our directory and wanted to find out if they pose any risks with future migrations.

First we have a subtree in our directory cn-applications,cn-accounts,dc=REALM,dc=com that contains application based accounts. I plan to enforce a separate password policy for entries in this container providing for a longer password age.

Second, we have been asked to modify the visibility of some of the default IPA account attributes when viewed by other authenticated users. Specifically, the cell phone, home phone and jpegPhoto attributes. I plan on applying a customized set of ACIs to the cn=People container that specify the visibility.

Do either of these customization pose any risks?

Freeipa-users mailing list

Reply via email to