
Re: Search issue (objectclass=person) (Possible dupe email)



On 2014-05-16 12:14, Ryan Tandy wrote:
> On Fri, May 16, 2014 at 8:59 AM, Tuc <ml@t-b-o-h.net> wrote:
>> Is there some way I can modify the query to only get ones that would look
>> like :
>>
>> dn: uid=tuc,ou=People,dc=example,dc=com
>> objectClass: radiusprofile
>> objectClass: pwmUser
>> objectClass: top
>> VVVVVVVVVVVVVVVVVVV
>> objectClass: person
>> ^^^^^^^^^^^^^^^^^^^
>> objectClass: posixAccount
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>
> An entry matching (objectClass=organizationalPerson) also satisfies
> (objectClass=person) whether or not you write it explicitly. You can
> ask for (&(objectClass=organizationalPerson)(!(objectClass=person)))
> but there won't be any results.
>
> Can you back up a few steps and explain the underlying problem you're
> trying to solve?

Hi,

Basically, we have a legacy LDAP that we're trying to deal with. We have a bunch of IDs that are created in the "ou=People" that really aren't people, they're service accounts/application accounts/who knows WHERE they are. We also have a mobile app that through an API pulls our company directory. Management gets a bit annoyed when they see "Jenkins" (Build system), "BDTestUser", etc. as company employees. We thought that simply taking the "ObjectClass: person" off the individual records would allow us to just search for the ones without it explicitly stated and we could work on moving the offenders to our "SVC_Account" OU. But we do the search and it just returns everything.

Tuc
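
Added example, not part of the original messages: a simplified Python model of the inheritance-aware objectClass matching Ryan Tandy describes, showing why removing the stored `person` value changes neither search result. The filter tuples, the function names, the `uid=jenkins` entry and the superclass of `radiusprofile` and `pwmUser` are assumptions of this sketch; it is not slapd's code.

```python
# Simplified model of inheritance-aware objectClass matching (not slapd code).
# Superclass chain for person/organizationalPerson/inetOrgPerson follows the
# standard schema. Names are compared case-sensitively here for brevity.
SUP = {
    "top": None,
    "person": "top",
    "organizationalPerson": "person",
    "inetOrgPerson": "organizationalPerson",
    "posixAccount": "top",
    "radiusprofile": "top",  # assumption for this sketch
    "pwmUser": "top",        # assumption for this sketch
}

def effective_classes(stored):
    """Stored objectClass values plus every superclass they imply."""
    out = set()
    for oc in stored:
        while oc is not None and oc not in out:
            out.add(oc)
            oc = SUP[oc]
    return out

def evaluate(flt, stored):
    """Evaluate a tiny filter tree: ("eq", cls), ("not", f), ("and", f1, ...)."""
    op = flt[0]
    if op == "eq":
        return flt[1] in effective_classes(stored)
    if op == "not":
        return not evaluate(flt[1], stored)
    if op == "and":
        return all(evaluate(f, stored) for f in flt[1:])
    raise ValueError(f"unsupported filter operator: {op}")

def search(flt, directory):
    """DNs whose entries satisfy the filter, as the server would return them."""
    return sorted(dn for dn, stored in directory.items() if evaluate(flt, stored))

def lacks_stored_value(cls, directory):
    """Comparison on the literal stored values only, ignoring inheritance."""
    return sorted(dn for dn, stored in directory.items() if cls not in stored)

# Constructed sample entries modelled on the entry quoted in the thread.
BASE = ["radiusprofile", "pwmUser", "top", "posixAccount",
        "organizationalPerson", "inetOrgPerson"]
DIRECTORY = {
    "uid=tuc,ou=People,dc=example,dc=com": BASE + ["person"],
    "uid=jenkins,ou=People,dc=example,dc=com": list(BASE),  # "person" removed
}
PERSON = ("eq", "person")
NOT_PERSON = ("and", ("eq", "organizationalPerson"), ("not", PERSON))
```

In this model `search(PERSON, DIRECTORY)` returns both entries and `search(NOT_PERSON, DIRECTORY)` returns none, while `lacks_stored_value("person", DIRECTORY)` singles out the entry whose stored values omit `person`.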