[Freeipa-users] access control
Andrew Holway
andrew.holway at gmail.com
Sun Jul 19 17:23:05 UTC 2015
Hi Gunther,
Typically one would use the freeipa tools to create users.
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/managing-users.html#adding-users
As with any application. Modifying the database underneath is not
recommended.
Thanks,
Andrew
On 19 July 2015 at 17:58, Günther J. <gjn at gjn.priv.at> wrote:
> Hello,
>
>
>
> can any help me to create a access control for a user?
>
>
>
> Background:
>
> I have created a user like this from a FreeIPA site
>
>
>
> # ldapmodify -x -D 'cn=Directory Manager' -W
>
> dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com
>
> changetype: add
>
> objectclass: account
>
> objectclass: simplesecurityobject
>
> uid: system
>
> userPassword: secret123
>
> passwordExpirationTime: 20380119031407Z
>
> nsIdleTimeout: 0
>
> <blank line>
>
> ^D
>
> now I have to create a access control rule for this user that he can read
> the userPassword atribute like this?
>
>
>
>
>
> # access to attribute=userPassword
>
> # by dn="<dovecot's dn>" read # add this
>
> # by anonymous auth
>
> # by self write
>
> # by * none
>
>
>
>
>
> I can't found a example for this Problem and so I have no correct working
> Mailserver :-(.
>
>
>
> Please Help and tanks for a answer.
>
> --
>
> mit freundlichen Grüssen / best regards,
>
>
>
> Günther J. Niederwimmer
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150719/8c861141/attachment.htm>
More information about the Freeipa-users
mailing list