I am planning two customizations to our directory and wanted to find out if they pose any risks with future migrations.

First we have a subtree in our directory cn-applications,cn-accounts,dc=REALM,dc=com that contains application based accounts. I plan to enforce a separate password policy for entries in this container providing for a longer password age.

Second, we have been asked to modify the visibility of some of the default IPA account attributes when viewed by other authenticated users. Specifically, the cell phone, home phone and jpegPhoto attributes. I plan on applying a customized set of ACIs to the cn=People container that specify the visibility.

Do either of these customization pose any risks?

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to