Hide default Users/Groups in all applications (It is not in Nethgui/Cockpit)

There is a problem with groups and users in NethServer!

Impossible to manage it, hide it, disable it in app, …

There are missing groups in Nethgui and Cockpit, I have listed all:

Showed users in Netgui/Cockpit (account can be disabled but in always in all applications):

• Administrator
• Admin

Hidden users in Netgui/Cockpit (No management and in all applications):

• NethServer LDAP simple auth identity
• krbtgt (Key Distribution Center Service Account)
• Guest (Built-in account for guest access to the computer/domain)

Showed group in Netgui/Cockpit (And in all applications):

• Domain Admins (Designated administrators of the domain)

Hidden groups in Netgui/Cockpit (No management and in all applications):

• DnsUpdateProxy (DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).)
• Domain Computers (All workstations and servers joined to the domain)
• Domain Controllers (All domain controllers in the domain)
• Domain Guests (All domain guests)
• Domain Users (All domain users)
• Enterprise Admins (Designated administrators of the enterprise)
• Enterprise Read-only Domain Controllers (Members of this group are Read-Only Domain Controllers in the enterprise)
• Read-only Domain Controllers (Members of this group are Read-Only Domain Controllers in the domain)
• Schema Admins (Designated administrators of the schema)

I have done screenshots for you:
Nethgui:

• https://i.ibb.co/HV5DH72/X-nethserver-nethgui-users-list.png
• https://i.ibb.co/dLSBfz9/X-nethserver-nethgui-user-edit.png
• https://i.ibb.co/CKjfv3f/X-nethserver-nethgui-groups-list.png

Cockpit:

• https://i.ibb.co/XF4Vr5w/X-nethserver-cockpit-users-list.png
• https://i.ibb.co/0Bdnmpw/X-nethserver-cockpit-user-edit.png
• https://i.ibb.co/Wf9CgmX/X-nethserver-cockpit-groups-list.png

Roundcube:

• https://i.ibb.co/Xjw51Mz/X-nethserver-roundcube-public-address-book.png

SOGo users:

• https://i.ibb.co/MCcmjW3/X-nethserver-sogo-addressbooks-users-admin.png
• https://i.ibb.co/qkTBtfd/X-nethserver-sogo-addressbooks-users-guest.png
• https://i.ibb.co/wSP9Jyn/X-nethserver-sogo-addressbooks-users-krbtgt.png
• https://i.ibb.co/PtK2Xdn/X-nethserver-sogo-addressbooks-users-ldap.png

SOGo groups:

• https://i.ibb.co/cbtmnvv/X-nethserver-sogo-addressbooks-groups-admin.png
• https://i.ibb.co/dp6skXJ/X-nethserver-sogo-addressbooks-groups-dns.png
• https://i.ibb.co/BsscVh0/X-nethserver-sogo-addressbooks-groups-domain.png
• https://i.ibb.co/p1vNWGd/X-nethserver-sogo-addressbooks-groups-enterprise.png

Linked to Users/Groups in NethServer.

Exchange/Office365 has an option to hide:

• Hide from address lists: https://medium.com/gitbit/hide-user-from-address-lists-ad-connect-ee67f2369bc1

Note: Groups and Users have not an email address.

There are only 2 default accounts with email address:

• Administrator
• Admin

Linked to for example:

• iRedMail: Displayed in Global LDAP Address Book
  enabledService=displayedInGlobalAddressBook
  https://searchcode.com/?q=displayedInGlobalAddressBook%20repo:zhb/iredmail
• Zarafa: Hide from addressbook:
  http://doc.zarafa.com/trunk/Administrator_Manual/en-US/html/_hide_information_from_global_address_book.html
• …

SOGo, Roundcube know it…

Note: If Groups or Users have not an email address, it must not listed.

We decided to not show builtin AD users/groups in the server manager. If you need them you can connect with Microsoft RSAT tools. https://wiki.samba.org/index.php/Installing_RSAT

Can you see for Address Book?
It is always here.

Sadly, email addresses are not in the LDAP DB so it cannot be configured as filtering criterion for address books.

Applications offer a LDAP search query generally. This is not enough to distinguish the account types. The server manager filter excludes also some entries with a couple of “hidelists”: /etc/nethserver/system-users and /etc/nethserver/system-groups.

I see “mail”:

• https://github.com/NethServer/nethserver-roundcubemail/blob/master/root/etc/e-smith/templates/etc/roundcubemail/config.inc.php/50ADDRESSBOOK_SETTINGS
• https://github.com/NethServer/nethserver-sogo/blob/master/root/etc/e-smith/templates/etc/sogo/sogo.conf/45user_source

I can’t help with SOGo. Let’s ask @stephdl!

Of course, it is for all softwares, not only Roundcube or SOGo, there are Nextcloud, ejabberd, etc.

It is a bug, we do not need to see.

If it is a bug, I can’t fix it sorry.

Edit: We can consider it a #feature enhancement though. As LDAP filters in applications do not allow to cherry-pick what accounts/groups are visible and what are hidden let’s create accounts in a different LDAP branch. However this can be achieved for local account providers; for remote ones, the same limitation can persist.

I’ll keep it in mind for NS8.

Can you move this ticket in bug section? Badly one people has moved my ticket.

No, I’d move it to #feature instead.

Every application you listed is an LDAP client and to achieve what you’re asking it has to implement an LDAP search filter, to exclude unwanted entries. However (especially with AD) this is a daunting task because some “builtin” items cannot be easily recognized by their attributes; furthermore the name of the item could be localized and unpredictable.

How other servers have possibility to hide from Global Address List?

For default accounts by default and possibility for users, groups, alias mails, shared mails, …

I don’t know, but if you know how they implement this feature please tell me.