Bit late to the conversation here, but if you want another example of a quasi-system account within IPA, there is the need for a user to handle automated enrollment/re-enrollment of servers.
Charlie

On Fri, Feb 15, 2013 at 11:32 PM, Brian Cook <[email protected]> wrote:
>
> On Feb 15, 2013, at 3:11 PM, Simo Sorce <[email protected]> wrote:
>
> On Fri, 2013-02-15 at 17:34 -0500, Dmitri Pal wrote:
>
> On 02/15/2013 05:12 PM, John Dennis wrote:
>
> On 02/15/2013 04:54 PM, Orion Poplawski wrote:
>
> On 02/15/2013 02:34 PM, John Dennis wrote:
>
> On 02/15/2013 04:16 PM, Orion Poplawski wrote:
>
> Hmm, that is the filter in TB for me too, but:
>
> [15/Feb/2013:11:17:21 -0700] conn=931 op=1 SRCH
> base="ou=people,dc=nwra,dc=com" scope=2
> filter="(|(mail=*apache*)(cn=*apache*)(givenName=*apache*)(sn=*apache*))"
>
> attrs="description notes title sn sn mozillaHomeLocalityName givenName
> mozillaHomeState mail mozillaWorkUrl workurl labeledURI o company
> mozillaNickname mozillaNickname mobile cellphone carphone
> modifyTimestamp
> nsAIMid nsAIMid telephoneNumber birthyear c c mozillaHomeStreet cn cn
> postalCode zip mozillaCustom1 custom1 mozillaHomeCountryName
> homePhone st
> region mozillaCustom2 custom2 mozillaSecondEmail mozillaSecondEmail
> facsimileTelephoneNumber facsimileTelephoneNumber mozillaCustom3
> custom3
> mozillaUseHtmlMail mozillaUseHtmlMail mozillaHomeStreet2 birthday
> street
> street postOfficeBox mozillaCustom4 custom4 mozillaHomeUrl homeurl
> l l pager
> pagerphone ou department departmentNumber orgunit birthmonth
> mozillaWorkStreet2 mozillaHomePostalCode objectClass"
>
> is what I see in the LDAP server log
>
> I don't know, beats me as to why there is no objectclass filter component.
> Perhaps TB is smart enough to know (objectclass=*) is effectively a no-op
> and ignores it when it builds the final filter.
>
> What happens if you set the TB filter to (objectclass=person)?
>
> Yup, then it adds it:
>
> filter="(&(objectClass=person)(|(mail=*apac*)(cn=*apac*)(givenName=*apac*)(sn=*apac*)))"
>
> O.K. I presume it's obvious the consequence of this little experiment
> is that if we do an RFE that results in removing the person
> objectclass from non-human users you'll have to configure a custom
> LDAP search filter in every client in your enterprise if you don't
> want them to see non-human users in their search results.
>
> Can it be managed via Puppet?
>
> Unlikely, thunderbird preferences are per user and stored in user
> preference files, which cannot be arbitrarily overridden.
>
> Following URL details a deployment method that configures thunderbird for
> address book in AD with a custom search string. Maybe you can use it or it
> will inspire you as to how to accomplish your deployment.
>
> http://wpkg.org/Thunderbird#System-wide
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
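
The two filters quoted in this thread, evaluated against a small constructed directory. This is an added example, not part of the original thread: the entries are invented, and the matcher is a simplified subset of LDAP filter semantics (no escape sequences, every attribute compared case-insensitively).

```python
import re

def parse(f, i=0):
    """Parse a filter subset: (&...), (|...), (!...), (attr=value with * wildcards)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of lowercased attr -> values)."""
    if node[0] == "=":
        _, attr, pattern = node
        # '*' is the only wildcard; everything else is matched literally.
        rx = re.compile(".*".join(map(re.escape, pattern.split("*"))), re.I)
        return any(rx.fullmatch(v) for v in entry.get(attr, []))
    op, kids = node
    results = [matches(k, entry) for k in kids]
    return (not results[0]) if op == "!" else {"&": all, "|": any}[op](results)

def search(entries, filt):
    tree, end = parse(filt)
    if end != len(filt):
        raise ValueError("trailing data after filter")
    return [e["uid"][0] for e in entries if matches(tree, e)]

# Constructed entries: one human user, one system account that no longer
# carries the person objectclass, one unrelated user.
ENTRIES = [
    {"uid": ["japache"], "cn": ["Jane Apache"], "sn": ["Apache"], "givenname": ["Jane"],
     "mail": ["jane.apache@example.com"], "objectclass": ["person", "posixAccount"]},
    {"uid": ["apache"], "cn": ["apache"], "objectclass": ["account", "posixAccount"]},
    {"uid": ["bsmith"], "cn": ["Bob Smith"], "sn": ["Smith"], "givenname": ["Bob"],
     "mail": ["bsmith@example.com"], "objectclass": ["person", "posixAccount"]},
]

# Filters exactly as they appear in the server log lines quoted in the thread.
TB_DEFAULT = "(|(mail=*apache*)(cn=*apache*)(givenName=*apache*)(sn=*apache*))"
TB_PERSON = "(&(objectClass=person)(|(mail=*apac*)(cn=*apac*)(givenName=*apac*)(sn=*apac*)))"

if __name__ == "__main__":
    print("default filter:", search(ENTRIES, TB_DEFAULT))
    print("person filter: ", search(ENTRIES, TB_PERSON))
```

With the default filter the system account shows up in address-book results; only the client-side `(objectClass=person)` clause hides it.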
