I am planning two customizations to our directory and wanted to find out
if they pose any risks with future migrations.
First we have a subtree in our directory
cn-applications,cn-accounts,dc=REALM,dc=com that contains application
based accounts. I plan to enforce a separate password policy for entries
in this container providing for a longer password age.
Second, we have been asked to modify the visibility of some of the
default IPA account attributes when viewed by other authenticated users.
Specifically, the cell phone, home phone and jpegPhoto attributes. I
plan on applying a customized set of ACIs to the cn=People container
that specify the visibility.
Do either of these customization pose any risks?
Freeipa-users mailing list