[Freeipa-users] limit access to a specific CN

Sumit Bose sbose at redhat.com
Wed Feb 16 09:10:22 UTC 2011


On Tue, Feb 15, 2011 at 06:30:51PM -0500, Peter Doherty wrote:
> 
> On Feb 15, 2011, at 14:45 , Simo Sorce wrote:
> 
> > On Tue, 15 Feb 2011 14:09:07 -0500
> > Peter Doherty <doherty at hkl.hms.harvard.edu> wrote:
> > 
> >> On Feb 15, 2011, at 14:02 , Rob Crittenden wrote:
> >> 
> >>> Peter Doherty wrote:
> >>>> Hello,  I'm running Fedora 14 and freeipa 1.2.2-6
> >>>> 
> >>>> 
> >>>> Can I create a new cn/nsContainer (cn=subgroup,dc=example,dc=com)
> >>>> and then create an account that can edit that cn as much as they want,
> >>>> <snip>
> >>>> 
> >>> 
> >>> What would you put into this container?
> >>> 
> >>> <snip>
> >>> 
> >>> rob
> >> 
> >> The first thing I'm looking to do with it is have a web server that
> >> has account information stored in LDAP, and to allow users to do
> >> ldap authentication.  The users logging into the web server would be
> >> <snip>
> > 
> > It is possible to do using LDAP tools and then setting an ACI on the
> > container to give the user you want full control on that container.
> > 
> > Simo.
> 
> Simo, 
> 
> This gave me a good starting point, and after reading some more, I'm starting to wrap my brain around what I want to do and how to do it.
> LDAP has a steep learning curve, IMHO.
> Can you recommend any GUI tools for creating/modifying the ACI for the container?  I started to try and create an ACI using the ones within FreeIPA as a reference, but if there's a GUI that would be useful too.  I checked out Apache Directory Studio which looks nice, but doesn't seem to support the schema that FreeIPA is using.

I use Apache Directory Studio to edit FreeIPA LDAP objects and I can
also see and edit ACIs. The schema shouldn't be a problem, because the
editor can read the schema data from the LDAP server. Which kind of
problems are you seeing?

bye,
Sumit

> 
> --Peter
> 
> 
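
Added example, not part of the original thread: the container-plus-ACI approach Simo describes, written as LDIF in 389 Directory Server ACI syntax (the LDAP server behind FreeIPA). The container DN is the one from Peter's question; the account `uid=webadmin` and its location under `cn=users,cn=accounts` are assumptions made for illustration.

```ldif
# Added example. Apply as a directory administrator, for instance:
#   ldapmodify -x -D "cn=Directory Manager" -W -f subgroup.ldif
# (the file name subgroup.ldif is hypothetical)

# 1. Create the container from the question.
dn: cn=subgroup,dc=example,dc=com
changetype: add
objectClass: top
objectClass: nsContainer
cn: subgroup

# 2. Attach an ACI to the container itself. With no explicit (target=...)
#    clause, the ACI covers the entry that holds it and everything beneath
#    it, so the rights stop at this subtree.
#    "allow (all)" grants read, search, compare, write, add, delete and
#    selfwrite, but not proxy.
#    uid=webadmin is a hypothetical account; substitute the real bind DN.
dn: cn=subgroup,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "Full control of subgroup container"; allow (all) userdn = "ldap:///uid=webadmin,cn=users,cn=accounts,dc=example,dc=com";)
```

ACIs are additive, so this entry only adds rights inside the container; whatever the account can already do elsewhere in the tree comes from ACIs defined higher up and is unchanged by it.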
