[Freeipa-users] Customization risks with freeipa
Rob Crittenden
rcritten at redhat.com
Mon Oct 12 17:38:03 UTC 2009
James Roman wrote:
> I am planning two customizations to our directory and wanted to find out
> if they pose any risks with future migrations.
>
> First we have a subtree in our directory
> cn-applications,cn-accounts,dc=REALM,dc=com that contains application
> based accounts. I plan to enforce a separate password policy for entries
> in this container providing for a longer password age.
You'll probably need to migrate this manually yourself at some point and
cn=applications is an awfully generic name, no promises that we won't
use that at some point for something else. But you're safe for now anyway.
> Second, we have been asked to modify the visibility of some of the
> default IPA account attributes when viewed by other authenticated users.
> Specifically, the cell phone, home phone and jpegPhoto attributes. I
> plan on applying a customized set of ACIs to the cn=People container
> that specify the visibility.
Again, you'd probably be on the hook to migrate this yourself but it
shouldn't be a big deal depending on the actual ACI(s). I assume you
mean cn=users, right?
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20091012/498eb801/attachment.bin>
More information about the Freeipa-users
mailing list