[Freeipa-users] IPA Account - Managed by LDAP Calls

Rob Crittenden rcritten at redhat.com
Tue Feb 12 20:24:41 UTC 2013


It Meme wrote:
> Hi:
>
> Assumption: Accounts have been provisioned in IPA.
>
> Can the IPA provisioned accounts be subsequently managed by LDAP calls
> from an external system? Examples: password update, group membership.

Password update via LDAP: yes

Group membership is just properly adding a member attribute with the DN 
of the member into the right location, so yeah. This may depend on the 
access rights of the user doing the change. Note that this is 
potentially dangerous. For example, our management framework prevents 
the last user from being removed from the admins group. If you do this 
via LDAP you lose that protection.

rob
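
The following is an added example, not part of the message above and not FreeIPA code. It sketches a pre-flight check an external provisioning system could run before sending a raw LDAP modify, so that the "last user in admins" protection described above is not lost. The op names, function names and sample DNs (FreeIPA's cn=accounts layout under a constructed dc=example,dc=com suffix) are assumptions, and the DN normalisation is simplified.

```python
"""Pre-flight guard for raw LDAP edits to a group's member attribute."""

ADD, DELETE, REPLACE = "add", "delete", "replace"  # hypothetical op names

# Constructed sample DNs: FreeIPA tree layout under an example suffix.
USERS = "cn=users,cn=accounts,dc=example,dc=com"
ADMINS = "cn=admins,cn=groups,cn=accounts,dc=example,dc=com"


def norm_dn(dn):
    """Simplified DN normalisation: lowercase, no spaces around ',' and '='.
    Does not handle escaped commas; enough for this illustration."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def apply_member_mods(members, mods):
    """Return the member set that would result from the LDAP modify ops."""
    result = {norm_dn(m) for m in members}
    for op, attr, values in mods:
        if attr.lower() != "member":
            continue  # only the member attribute matters for this check
        vals = {norm_dn(v) for v in values}
        if op == ADD:
            result |= vals
        elif op == DELETE:
            # LDAP semantics: delete with no values removes every value
            result = result - vals if vals else set()
        elif op == REPLACE:
            result = vals
        else:
            raise ValueError(f"unknown op {op!r}")
    return result


def check_group_mods(members, mods, users_base=USERS):
    """Raise ValueError if the modify would leave the group with no user."""
    after = apply_member_mods(members, mods)
    suffix = "," + norm_dn(users_base)
    users_left = sorted(m for m in after if m.endswith(suffix))
    if not users_left:
        raise ValueError("refusing modify: it would remove the last user")
    return users_left
```

The caller reads the current member values of the group entry, passes them in with the planned modifications, and only sends the modify if no exception is raised.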



