On 2014-05-16 12:14, Ryan Tandy wrote:
> On Fri, May 16, 2014 at 8:59 AM, Tuc <[email protected]> wrote:
>> Is there some way I can modify the query to only get ones that would
>> look like:
>>
>> dn: uid=tuc,ou=People,dc=example,dc=com
>> objectClass: radiusprofile
>> objectClass: pwmUser
>> objectClass: top
>> VVVVVVVVVVVVVVVVVVV
>> objectClass: person
>> ^^^^^^^^^^^^^^^^^^^
>> objectClass: posixAccount
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>
> An entry matching (objectClass=organizationalPerson) also satisfies
> (objectClass=person) whether or not you write it explicitly. You can
> ask for (&(objectClass=organizationalPerson)(!(objectClass=person)))
> but there won't be any results.
>
> Can you back up a few steps and explain the underlying problem you're
> trying to solve?

Hi,
Basically, we have a legacy LDAP that we're trying to deal with. We
have a bunch of IDs that are created in the "ou=People" that really
aren't people, they're service accounts/application accounts/who knows
WHERE they are. We also have a mobile app that through an API pulls our
company directory. Management gets a bit annoyed when they see "Jenkins"
(Build system), "BDTestUser", etc. as company employees. We thought that
simply taking the "ObjectClass: person" off the individual records would
allow us to just search for the ones without it explicitly stated and we
could work on moving the offenders to our "SVC_Account" OU. But we do
the search and it just returns everything.
Tuc
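
The matching behaviour Ryan describes, as an added example that is not part of the original thread: a small model of superclass-aware objectClass filter evaluation, next to a client-side comparison of the stored values. The uid=jenkins entry, the function names and the tuple filter format are constructed for illustration, and the client-side check assumes the server returns the objectClass values exactly as stored.

```python
# Superclass chain from the standard schema (RFC 4519, RFC 2798), lower-cased.
SUPERIOR = {
    "inetorgperson": "organizationalperson",
    "organizationalperson": "person",
    "person": "top",
}

def effective_classes(stored):
    """Stored objectClass values plus every superclass they imply."""
    seen = set()
    for oc in stored:
        oc = oc.lower()
        while oc and oc not in seen:
            seen.add(oc)
            oc = SUPERIOR.get(oc)
    return seen

def matches(entry, flt):
    """Filter tree: ('=', objectClass) | ('!', f) | ('&', f1, f2, ...)."""
    op = flt[0]
    if op == "=":
        return flt[1].lower() in effective_classes(entry["objectClass"])
    if op == "!":
        return not matches(entry, flt[1])
    if op == "&":
        return all(matches(entry, f) for f in flt[1:])
    raise ValueError(f"unsupported operator: {op}")

def search(entries, flt):
    """DNs a superclass-aware server would return for the filter."""
    return [e["dn"] for e in entries if matches(e, flt)]

def lacks_stored_value(entries, oc):
    """Client-side check on the values as stored, ignoring inheritance."""
    return [e["dn"] for e in entries
            if oc.lower() not in {v.lower() for v in e["objectClass"]}]

# Constructed sample entries: the first is from the thread, the second is a
# hypothetical service account with "person" removed from the stored values.
ENTRIES = [
    {"dn": "uid=tuc,ou=People,dc=example,dc=com",
     "objectClass": ["radiusprofile", "pwmUser", "top", "person",
                     "posixAccount", "organizationalPerson", "inetOrgPerson"]},
    {"dn": "uid=jenkins,ou=People,dc=example,dc=com",
     "objectClass": ["top", "posixAccount", "organizationalPerson", "inetOrgPerson"]},
]
RYAN_FILTER = ("&", ("=", "organizationalPerson"), ("!", ("=", "person")))

if __name__ == "__main__":
    print(search(ENTRIES, RYAN_FILTER))
    print(lacks_stored_value(ENTRIES, "person"))
```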