<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/28/2014 07:23 PM, Rich Megginson
wrote:<br>
</div>
<blockquote cite="mid:54502568.7000805@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">On 10/28/2014 05:05 PM, Craig White
wrote:<br>
</div>
<blockquote
cite="mid:21b324a15bf74a138988b304733b59aa@BLUPR08MB488.namprd08.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Rich Megginson<br>
<b>Sent:</b> Tuesday, October 28, 2014 3:02 PM<br>
<b>To:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] 389 DS & admin
consoles<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 10/28/2014 02:45 PM, Craig White
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">RHEL 6.5 – new install<o:p></o:p></p>
<p class="MsoNormal">ipa-server-3.0.0-42.el6.x86_64<o:p></o:p></p>
<p class="MsoNormal">389-ds-base-1.2.11.15-47.el6.x86_64<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Is it safe to install the 389 DS and
admin console packages and use them?<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
In general, no, it is not supported. IPA depends on a
certain tree structure, schema, etc.<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I think it would be useful to use for
things like editing ACI’s, etc.<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
It would be useful for a lot of lower level management and
monitoring. But unfortunately it is not supported. You
might be able to install it and make it work, but it might
also mess up your IdM deployment.<br>
</span><span style="font-size:12.0pt;font-family:"Times
New Roman","serif";color:#1F497D">----</span><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Not worth it
then. I have been all over your Documentation page on
FreeIPA.org (<a moz-do-not-send="true"
href="http://www.freeipa.org/page/Documentation">http://www.freeipa.org/page/Documentation</a>)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I have not
found any way to actually edit ACL’s (I believe the
terminology in 389 Server was ACI when I last used it some
8 or so years ago). Is there any way to edit them? <o:p></o:p></span></p>
</div>
</blockquote>
<br>
I'm assuming you mean something that can parse and understand 389
acis. No, not afaik.<br>
</blockquote>
<br>
The actual low level ACIs are hidden under: roles, privileges,
permissions and delegations. Have you looked at those? Managing low
level ACIs directly is not supported or recommended.<br>
<br>
<blockquote cite="mid:54502568.7000805@redhat.com" type="cite"> <br>
<blockquote
cite="mid:21b324a15bf74a138988b304733b59aa@BLUPR08MB488.namprd08.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Is there any
tools similar to the 389-DS-Server console like the
Certificate manager?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><o:p> </o:p></span></p>
</div>
</blockquote>
Not sure what you mean by "the Certificate manager". Do you mean
the 389 console GUI that allows you to Manage Certificates? With
IPA, that functionality is supposed to be largely automated.<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
No everything that is supported from CA is exposed via CLI and UI.
We are working on exposing more but what you have now is what you
get.<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>