On Fri, May 16, 2014 at 10:54 AM, Tuc ml@t-b-o-h.net wrote:
Basically, we have a legacy LDAP that we're trying to deal with. We have a bunch of ids that are created in the "ou=People" that really aren't people, they're service accounts/application accounts/who knows WHERE they are. We also have a mobile app that through an API pulls our company directory. Management gets a bit annoyed when they see "Jenkins" (Build system), "BDTestUser", etc. as company employees. We thought that simply taking the "objectClass: person" off the individual records would allow us to just search for the ones without it explicitly stated and we could work on moving the offenders to our "SVC_Account" OU. But we do the search and it just returns everything.
Unfortunately that won't work, because of the objectClass inheritance. Maybe there's some other value (looking at your examples above, radiusProfile or pwmUser?) that you could search for.
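Added example, not from the thread: a toy model of objectClass inheritance that shows why removing "objectClass: person" from an inetOrgPerson entry does not make it matchable by (!(objectClass=person)), and how filtering on a class only real employees carry separates the service accounts instead. It assumes pwmUser and radiusProfile are auxiliary classes present on employee entries but absent on service accounts; the entries are constructed.

```python
# Superclass chain of the standard person classes (simplified). The auxiliary
# classes pwmUser/radiusProfile are assumed to derive directly from top.
SUPERCLASS = {
    "inetOrgPerson": "organizationalPerson",
    "organizationalPerson": "person",
    "person": "top",
    "pwmUser": "top",
    "radiusProfile": "top",
}

def effective_classes(listed):
    """All objectClass values a server treats as present: each listed class plus its ancestors."""
    result = set()
    for cls in listed:
        while cls is not None:
            result.add(cls)
            cls = SUPERCLASS.get(cls)
    return result

def matches(entry, cls, negate=False):
    """Evaluate (objectClass=cls) or (!(objectClass=cls)) against the effective class set."""
    present = cls in effective_classes(entry["objectClass"])
    return not present if negate else present

# Constructed sample of ou=People: two employees carrying pwmUser, two service
# accounts without it. BDTestUser has had "person" deleted from its explicit list.
PEOPLE = [
    {"uid": "alice",      "objectClass": ["inetOrgPerson", "pwmUser"]},
    {"uid": "bob",        "objectClass": ["inetOrgPerson", "pwmUser", "radiusProfile"]},
    {"uid": "jenkins",    "objectClass": ["inetOrgPerson"]},          # build system
    {"uid": "BDTestUser", "objectClass": ["organizationalPerson"]},   # still inherits person
]

def not_person(entries):
    """What (!(objectClass=person)) returns: nothing, since every entry still inherits person."""
    return [e["uid"] for e in entries if matches(e, "person", negate=True)]

def service_account_candidates(entries, marker="pwmUser"):
    """(&(objectClass=person)(!(objectClass=<marker>))): person entries lacking the marker class."""
    return [e["uid"] for e in entries
            if matches(e, "person") and matches(e, marker, negate=True)]

if __name__ == "__main__":
    print("not person:", not_person(PEOPLE))                  # []
    print("candidates:", service_account_candidates(PEOPLE))  # ['jenkins', 'BDTestUser']
```

The candidate list is a starting point for review before moving entries to the SVC_Account OU, since an employee record that simply lacks the marker class would show up too.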