[Freeipa-users] Non-human users
Orion Poplawski
orion at cora.nwra.com
Fri Feb 15 21:54:55 UTC 2013
On 02/15/2013 02:34 PM, John Dennis wrote:
> On 02/15/2013 04:16 PM, Orion Poplawski wrote:
>>
>> Hmm, that is the filter in TB for me too, but:
>>
>> [15/Feb/2013:11:17:21 -0700] conn=931 op=1 SRCH
>> base="ou=people,dc=nwra,dc=com" scope=2
>> filter="(|(mail=*apache*)(cn=*apache*)(givenName=*apache*)(sn=*apache*))"
>> attrs="description notes title sn sn mozillaHomeLocalityName givenName
>> mozillaHomeState mail mozillaWorkUrl workurl labeledURI o company
>> mozillaNickname mozillaNickname mobile cellphone carphone modifyTimestamp
>> nsAIMid nsAIMid telephoneNumber birthyear c c mozillaHomeStreet cn cn
>> postalCode zip mozillaCustom1 custom1 mozillaHomeCountryName homePhone st
>> region mozillaCustom2 custom2 mozillaSecondEmail mozillaSecondEmail
>> facsimileTelephoneNumber facsimileTelephoneNumber mozillaCustom3 custom3
>> mozillaUseHtmlMail mozillaUseHtmlMail mozillaHomeStreet2 birthday street
>> street postOfficeBox mozillaCustom4 custom4 mozillaHomeUrl homeurl l l pager
>> pagerphone ou department departmentNumber orgunit birthmonth
>> mozillaWorkStreet2 mozillaHomePostalCode objectClass"
>>
>> is what I see in the LDAP server log
>>
>
> I don't know, beats me as to why there is no objectclass filter component.
> Perhaps TB is smart enough to know (objectclass=*) is effectively a no-op and
> ignores it when it builds the final filter.
>
> What happens if you set the TB filter to (objectclass=person)?
>
Yup, then it adds it:
filter="(&(objectClass=person)(|(mail=*apac*)(cn=*apac*)(givenName=*apac*)(sn=*apac*)))"
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list