[Freeipa-users] 389 DS & admin consoles

Dmitri Pal dpal at redhat.com
Wed Oct 29 00:13:36 UTC 2014 

On 10/28/2014 07:23 PM, Rich Megginson wrote:
> On 10/28/2014 05:05 PM, Craig White wrote:
>>
>> *From:*freeipa-users-bounces at redhat.com 
>> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Rich Megginson
>> *Sent:* Tuesday, October 28, 2014 3:02 PM
>> *To:* freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] 389 DS & admin consoles
>>
>> On 10/28/2014 02:45 PM, Craig White wrote:
>>
>>     RHEL 6.5 -- new install
>>
>>     ipa-server-3.0.0-42.el6.x86_64
>>
>>     389-ds-base-1.2.11.15-47.el6.x86_64
>>
>>     Is it safe to install the 389 DS and admin console packages and
>>     use them?
>>
>>
>> In general, no, it is not supported.  IPA depends on a certain tree 
>> structure, schema, etc.
>>
>>
>> I think it would be useful to use for things like editing ACI's, etc.
>>
>>
>> It would be useful for a lot of lower level management and 
>> monitoring.  But unfortunately it is not supported.  You might be 
>> able to install it and make it work, but it might also mess up your 
>> IdM deployment.
>> ----
>>
>> Not worth it then. I have been all over your Documentation page on 
>> FreeIPA.org (http://www.freeipa.org/page/Documentation)
>>
>> I have not found any way to actually edit ACL's (I believe the 
>> terminology in 389 Server was ACI when I last used it some 8 or so 
>> years ago).  Is there any way to edit them?
>>
>
> I'm assuming you mean something that can parse and understand 389 
> acis.  No, not afaik.

The actual low level ACIs are hidden under: roles, privileges, 
permissions and delegations. Have you looked at those? Managing low 
level ACIs directly is not supported or recommended.

>
>> Is there any tools similar to the 389-DS-Server console like the 
>> Certificate manager?
>>
> Not sure what you mean by "the Certificate manager".  Do you mean the 
> 389 console GUI that allows you to Manage Certificates?  With IPA, 
> that functionality is supposed to be largely automated.
>
>

No everything that is supported from CA is exposed via CLI and UI. We 
are working on exposing more but what you have now is what you get.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141028/6d79dd0f/attachment.htm>

More information about the Freeipa-users mailing list