On Fri, May 16, 2014 at 10:54 AM, Tuc <[email protected]> wrote:
> Basically, we have a legacy LDAP that we're trying to deal with. We have a
> bunch of IDs that are created in the "ou=People" that really aren't people,
> they're service accounts/application accounts/who knows WHERE they are. We
> also have a mobile app that through an API pulls our company directory.
> Management gets a bit annoyed when they see "Jenkins" (Build system),
> "BDTestUser", etc. as company employees. We thought that simply taking the
> "ObjectClass: person" off the individual records would allow us to just
> search for the ones without it explicitly stated and we could work on moving
> the offenders to our "SVC_Account" OU. But we do the search and it just
> returns everything.

Unfortunately that won't work, because of the objectClass inheritance. Maybe there's some other value (looking at your examples above, radiusProfile or pwmUser?) that you could search for.
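
The inheritance behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of a server that matches objectClass filters through the SUP chain. The schema excerpt, the base DN, the entries, and the premise that only real staff carry radiusProfile are all constructed for illustration.

```python
# Constructed schema excerpt: object class -> superior (SUP) class.
SUP = {
    "top": None,
    "person": "top",
    "organizationalPerson": "person",
    "inetOrgPerson": "organizationalPerson",
    "radiusProfile": "top",  # auxiliary class; SUP top assumed here
}

def effective_classes(stored):
    """Stored objectClass values plus every superclass they inherit from."""
    seen = set()
    for oc in stored:
        while oc is not None and oc not in seen:
            seen.add(oc)
            oc = SUP.get(oc)
    return seen

def search(entries, want=None, without=None):
    """DNs matching (objectClass=want) and/or (!(objectClass=without))."""
    hits = []
    for dn, stored in entries.items():
        eff = effective_classes(stored)
        if want is not None and want not in eff:
            continue
        if without is not None and without in eff:
            continue
        hits.append(dn)
    return sorted(hits)

BASE = "ou=People,dc=example,dc=com"  # constructed base DN
# Constructed entries: "person" was deleted from the two service accounts.
# Assumption for illustration: only real staff carry radiusProfile.
ENTRIES = {
    f"uid=alice,{BASE}": ["inetOrgPerson", "organizationalPerson",
                          "person", "radiusProfile"],
    f"uid=jenkins,{BASE}": ["inetOrgPerson", "organizationalPerson"],
    f"uid=BDTestUser,{BASE}": ["inetOrgPerson"],
}

if __name__ == "__main__":
    print("(objectClass=person)           ->", search(ENTRIES, want="person"))
    print("(!(objectClass=person))        ->", search(ENTRIES, without="person"))
    print("(!(objectClass=radiusProfile)) ->", search(ENTRIES, without="radiusProfile"))
```

Removing the stored "person" value changes nothing in the first two results, because inetOrgPerson still implies person; only a class outside that chain separates the accounts.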
