I seem to remember reading somewhere (although I can’t find it now) that you
can’t manage organizational units in the IPA server. If that’s the case, how
can I restrict the query results made by a particular user account? Can I
restrict a user to only see others within the same group?

For example, if FIPA is my LDAP backend for user accounts and I’m using a
client that does contact lookups by AD, I would only want contacts of a certain
group or OU returned depending on the account performing the query.

Traditionally, with LDAP, this is easy to do since you can put all users within
an OU and the service account performing the query is only allowed to query
within that OU and the OU is usually set as the base for the search.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project