I seem to remember reading somewhere (although I can’t find it now) that you 
can’t manage organizational units in the IPA server. If that’s the case, how 
can I restrict the query results made by a particular user account? Can I 
restrict a user to only see others within the same group?

For example, if FIPA is my ldap backend for user accounts and I’m using a 
client that does contact lookups by AD I would only want contacts of a certain 
group or OU returned depending on the account performing the query. 

Traditionally, with ldap, this is easy to do since you can put all users within 
an OU and the service account performing the query is only allowed to query 
within that OU and the OU is usually set as the base for the search. 

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to