[Freeipa-users] 389 DS & admin consoles

Dmitri Pal dpal at redhat.com
Wed Oct 29 00:13:36 UTC 2014

On 10/28/2014 07:23 PM, Rich Megginson wrote:
> On 10/28/2014 05:05 PM, Craig White wrote:
>> *From:*freeipa-users-bounces at redhat.com 
>> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Rich Megginson
>> *Sent:* Tuesday, October 28, 2014 3:02 PM
>> *To:* freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] 389 DS & admin consoles
>> On 10/28/2014 02:45 PM, Craig White wrote:
>>     RHEL 6.5 -- new install
>>     ipa-server-3.0.0-42.el6.x86_64
>>     389-ds-base-
>>     Is it safe to install the 389 DS and admin console packages and
>>     use them?
>> In general, no, it is not supported.  IPA depends on a certain tree 
>> structure, schema, etc.
>> I think it would be useful to use for things like editing ACI's, etc.
>> It would be useful for a lot of lower level management and 
>> monitoring.  But unfortunately it is not supported.  You might be 
>> able to install it and make it work, but it might also mess up your 
>> IdM deployment.
>> ----
>> Not worth it then. I have been all over your Documentation page on 
>> FreeIPA.org (http://www.freeipa.org/page/Documentation)
>> I have not found any way to actually edit ACL's (I believe the 
>> terminology in 389 Server was ACI when I last used it some 8 or so 
>> years ago).  Is there any way to edit them?
> I'm assuming you mean something that can parse and understand 389 
> acis.  No, not afaik.

The actual low level ACIs are hidden under: roles, privileges, 
permissions and delegations. Have you looked at those? Managing low 
level ACIs directly is not supported or recommended.

>> Is there any tools similar to the 389-DS-Server console like the 
>> Certificate manager?
> Not sure what you mean by "the Certificate manager".  Do you mean the 
> 389 console GUI that allows you to Manage Certificates?  With IPA, 
> that functionality is supposed to be largely automated.

No everything that is supported from CA is exposed via CLI and UI. We 
are working on exposing more but what you have now is what you get.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141028/6d79dd0f/attachment.htm>

More information about the Freeipa-users mailing list