[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Search issue (objectclass=person) (Possible dupe email)

To: openldap-technical@openldap.org
Subject: Re: Search issue (objectclass=person) (Possible dupe email)
From: Ryan Tandy <ryan@nardis.ca>
Date: Fri, 16 May 2014 11:11:11 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nardis.ca; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Un2vL7DmhPrjw4QdMe+bYZbC/BjFzg9nlPAzvms/k2g=; b=TKbpFsdYdu0fCE+VPDrf2hUf4O5r/0983Ja1w1olwAFgFYt/6+GgKbpVlpgA8etaI+ fRHhIx3/R1GDhs44kVhI6CNSgXqzkeaHkrxTUqkxbA/5HCkuWI1vu9w24wit6RiD7LFa hysloemXip7xRspX68WmImqHUWVOPARnCSJkU=
In-reply-to: <a2d98b2a87b3fc7afd92283d8c39ef00@vjofn.tucs-beachin-obx-house.com>
References: <eb8a42d0c853e4655050947457699179@vjofn.tucs-beachin-obx-house.com> <CAMXH3QConuo8jRBhqeJafaaqG7CyFW5P=ze8TJDxV7=44NVp2w@mail.gmail.com> <5341aabc0f8dbdca2af7fff12fdb1d43@vjofn.tucs-beachin-obx-house.com> <CAMXH3QDBOr3aZ5E4LxnA_5ypTzix6436in4GMdMb_+omKxiTxA@mail.gmail.com> <a2d98b2a87b3fc7afd92283d8c39ef00@vjofn.tucs-beachin-obx-house.com>

On Fri, May 16, 2014 at 10:54 AM, Tuc <ml@t-b-o-h.net> wrote:
> Basically, we have a legacy LDAP that we're trying to deal with. We have a
> bunch of id's that are created in the "ou=People" that really aren't people,
> they're service accounts/application accounts/who knows WHERE they are. We
> also have a mobile app that through an API pulls our company directory.
> Management gets a bit annoyed when they see "Jenkins" (Build system),
> "BDTestUser", etc as company employees. We thought that simply taking the
> "ObjectClass: person" off the individual records would allow us to just
> search for the ones without it explicitly stated and we could work on moving
> the offenders to our "SVC_Account" OU. But we do the search and it just
> returns everything.

Unfortunately that won't work, because of the objectClass inheritance.
Maybe there's some other value (looking at your examples above,
radiusProfile or pwmUser?) that you could search for.

References:
- Search issue (objectclass=person) (Possible dupe email)
  - From: Tuc <ml@t-b-o-h.net>
- Re: Search issue (objectclass=person) (Possible dupe email)
  - From: Ryan Tandy <ryan@nardis.ca>
- Re: Search issue (objectclass=person) (Possible dupe email)
  - From: Tuc <ml@t-b-o-h.net>
- Re: Search issue (objectclass=person) (Possible dupe email)
  - From: Ryan Tandy <ryan@nardis.ca>
- Re: Search issue (objectclass=person) (Possible dupe email)
  - From: Tuc <ml@t-b-o-h.net>

Prev by Date: Re: Search issue (objectclass=person)
Next by Date: Re: Search issue (objectclass=person)
Index(es):
- Chronological
- Thread