<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">Thanks a lot, Dmitri. That's exactly what I am looking for.<br><br>--David.<br><div><span><br></span></div><div><br></div>  <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1">  <b><span style="font-weight:bold;">From:</span></b> Dmitri Pal &lt;dpal@redhat.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> freeipa-users@redhat.com <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, December 19, 2012 2:58 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] Any way to delegate subordinate account management to managers?<br> </font> </div> <br>
<div id="yiv41143979">
  

    
  
  <div>
    On 12/19/2012 05:11 PM, David Copperfield wrote:
    <blockquote type="cite">
      <div style="color:rgb(0, 0, 0);background-color:rgb(255, 255,
        255);font-family:times new roman, new york, times, serif;font-size:12pt;">
        <div><span><br>
          </span></div>
        <div>Hi all,</div>
        <div><br>
        </div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"> Just wondering whether there
          is a way to delegate to managers the authority/permissions to
          manage his/her subordinate user accounts? Similar to
          host/services delegation. Please elaborate if there is a way
          to achieve this or similar.</div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><br>
        </div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;">Let's say we create a user
          group of subordinate employee accounts, then let the
          particular manager do the management work for the group,
          like:</div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><br>
        </div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><span class="yiv41143979Apple-tab-span" style="white-space:pre;"> </span>1,
          reset passwords for the subordinates (main work)</div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><span class="yiv41143979Apple-tab-span" style="white-space:pre;"> </span>2,
          change/update some attributes of the subordinates.</div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><span class="yiv41143979Apple-tab-span" style="white-space:pre;"> </span>3,
          if possible, remove one or more subordinate accounts.</div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><br>
        </div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;">Thanks.</div>
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><br>
        </div>
      </div>
    </blockquote>
    I think you need to look at the Delegated administration
    capabilities of IPA.<br>
<a rel="nofollow" class="yiv41143979moz-txt-link-freetext" target="_blank" href="https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#delegating-users">https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#delegating-users</a><br>
    <br>
    <br>
    <blockquote type="cite">
      <div style="color:#000;background-color:#fff;font-family:times new roman, new york, times, serif;font-size:12pt;">
        <div style="color:rgb(0, 0, 0);font-size:16px;
font-family:'times new roman', 'new york', times, serif;
background-color:transparent;font-style:normal;"><br></div>
      </div>
      <br>
      <fieldset class="yiv41143979mimeAttachmentHeader"></fieldset>
      <br>
      <pre>_______________________________________________
Freeipa-users mailing list
<a rel="nofollow" class="yiv41143979moz-txt-link-abbreviated" ymailto="mailto:Freeipa-users@redhat.com" target="_blank" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a rel="nofollow" class="yiv41143979moz-txt-link-freetext" target="_blank" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
    </blockquote>
    <br>
    <br>
    <pre class="yiv41143979moz-signature">-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


</pre>
  </div>

</div><br> </div> </div>  </div></body></html>