On Feb 15, 2013, at 1:02 PM, John Dennis <jden...@redhat.com> wrote:
> On 02/15/2013 03:57 PM, Orion Poplawski wrote:
>> On 02/15/2013 01:56 PM, John Dennis wrote:
>>> On 02/15/2013 03:46 PM, Simo Sorce wrote:
>>>> This is an interesting use case, it would probably be appropriate to
>>>> have a RFE filed to allow to create ipa users marked as 'non-person' so
>>>> that they are not assigned the person objectclass.
>>> Yes, that addresses one large component of the problem. But the part of the
>>> requirement is not to have non-humans show up in every client (e.g. mail
>>> clients) that support LDAP directory lookups. That means they have to modify
>>> the filter on every client. That's a tall order :-(
>> Actually, this would cover it. The LDAP address book searches look for
>> attributes that the *person objectclasses provide. Without them, they are
> Interesting, before I replied I checked the filter in my Thunderbird client
> and it's set to (objectclass=*). I don't know if I modified it as some point
> or if it's the default, I assumed it's the default. I suspect it's the
> default filter for many clients.
I think maybe he means that he is putting a custom search string in the address
books that filters out objects that don't have attributes that *person object
classes provide, but that doesn't work unless you can keep those attributes
from being assigned to non-person accounts in freeipa.
> John Dennis <jden...@redhat.com>
> Looking to carve out IT costs?
> Freeipa-users mailing list
Freeipa-users mailing list