On Feb 15, 2013, at 1:02 PM, John Dennis <jden...@redhat.com> wrote:
> On 02/15/2013 03:57 PM, Orion Poplawski wrote: >> On 02/15/2013 01:56 PM, John Dennis wrote: >>> On 02/15/2013 03:46 PM, Simo Sorce wrote: >>>> This is an interesting use case, it would probably be appropriate to >>>> have a RFE filed to allow to create ipa users marked as 'non-person' so >>>> that they are not assigned the person objectclass. >>> >>> Yes, that addresses one large component of the problem. But the part of the >>> requirement is not to have non-humans show up in every client (e.g. mail >>> clients) that support LDAP directory lookups. That means they have to modify >>> the filter on every client. That's a tall order :-( >>> >> >> Actually, this would cover it. The LDAP address book searches look for >> attributes that the *person objectclasses provide. Without them, they are >> excluded. > > Interesting, before I replied I checked the filter in my Thunderbird client > and it's set to (objectclass=*). I don't know if I modified it as some point > or if it's the default, I assumed it's the default. I suspect it's the > default filter for many clients. > I think maybe he means that he is putting a custom search string in the address books that filters out objects that don't have attributes that *person object classes provide, but that doesn't work unless you can keep those attributes from being assigned to non-person accounts in freeipa. -Brian > > -- > John Dennis <jden...@redhat.com> > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users