James Roman wrote:
I am planning two customizations to our directory and wanted to find out if they pose any risks with future migrations.


First we have a subtree in our directory cn-applications,cn-accounts,dc=REALM,dc=com that contains application based accounts. I plan to enforce a separate password policy for entries in this container providing for a longer password age.

You'll probably need to migrate this manually yourself at some point and cn=applications is an awfully generic name, no promises that we won't use that at some point for something else. But you're safe for now anyway.

Second, we have been asked to modify the visibility of some of the default IPA account attributes when viewed by other authenticated users. Specifically, the cell phone, home phone and jpegPhoto attributes. I plan on applying a customized set of ACIs to the cn=People container that specify the visibility.

Again, you'd probably be on the hook to migrate this yourself but it shouldn't be a big deal depending on the actual ACI(s). I assume you mean cn=users, right?

rob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to