[Freeipa-users] Non-human users

Orion Poplawski orion at cora.nwra.com
Fri Feb 15 21:30:06 UTC 2013


On 02/15/2013 01:46 PM, Simo Sorce wrote:
> On Fri, 2013-02-15 at 12:01 -0700, Orion Poplawski wrote:
>> What brought this up was the need to sync users from LDAP into another
>> authentication system, and for that system we only wanted "real" human people
>> to be listed.
>>
>> Also, we don't want these accounts listed in things like Thunderbird LDAP
>> address books (hence no "*person" attributes: mail cn givenName sn).
>>
>> And just for doing periodic audits it would be helpful for distinguishing
>> between them.
>>
>> I've been trying to track down any bugs I may have filed without success, but
>> I'm pretty sure I tried at first adding a system user to LDAP groups and that
>> not working unless the system user was in LDAP.  This may have been before I
>> started using SSSD on the servers so I'll need to retest this.
>
> This is an interesting use case; it would probably be appropriate to
> have an RFE filed to allow creating IPA users marked as 'non-person' so
> that they are not assigned the person objectclass.
>
> Simo.
>

Filed https://fedorahosted.org/freeipa/ticket/3431

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com



