[Freeipa-users] Administration URL in 389DS
Rob Crittenden
rcritten at redhat.com
Wed Nov 4 02:26:00 UTC 2009
Dmitri Pal wrote:
> Tomasz 'Zen' Napierala wrote:
>> Dnia 2009-11-03, wto o godzinie 15:16 +0100, Rob Crittenden pisze:
>>
>>> Jesster Leight wrote:
>>>
>>>> How i can find my default Administration URL for 389 DS ? I can't use
>>>> 389-console from this problem ;(
>>>>
>>> That is correct. IPA does not install or configure the admin server or
>>> console for 389 DS. This is on purpose because user/group management in
>>> the console is not necessarily compatible with IPA and can cause large
>>> headaches. It should be possible, if one is very careful, to manage IPA
>>> users via the console but we do not support it.
>>>
>>> Is there some capability you need that only the console provides?
>>>
>> I'll take a chance to ask similar question here (sorry for hijacking
>> thread ;)
>>
>> I need some system users (e.g for configuring LDAPbind for apache
>> authentication), and I'd like them to be under say CN=sysaccounts,CN=etc
>> Is there any way to do this simply?
>> The thing is I don't want to be subject of IPA password policy.
>>
>> Regards,
>>
> We are planning to have different password policies per group in IPAv2.
> As far as I remember it made our Alpha release last week.
> Would you be interested to give it a try?
> In IPA all accounts are on the same level but they can be grouped in
> different ways and in v2 pwd policies can be applied on per group basis.
>
And for v1 you'll need to use ldapmodify. It only appears scary at
first, it isn't so bad once you understand the syntax.
I think the most bare-bones non-Posix account would look something like:
dn: uid=apacheldap,cn=sysaccounts,cn=etc,dc=example,d=com
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: apacheldap
userPassword: superSecret123
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20091103/6001584a/attachment.bin>
More information about the Freeipa-users
mailing list