We have an absurdly complex multi-domain/multi-child AD forrest tied
together on AWS via FreeIPA.
I'm spending a lot of time debugging login issues and the "ipa hbactest"
command is fantastic at "proving" out if something should or should not
I currently "kinit admin" before running these commands but would like
to be able to pass this 'power' on to other people, including project
managers and other folks that I would not trust with direct IPA
privileges that would let them accidentally do dangerous things :)
Has anyone set up an IPA user with read-only access or otherwise set up
a locked down role so that a user can only run "ipa hbactest ..." type
commands? Looking for sensible tips and guidance on spreading some IPA
powers around to people that I would not normally want having higher
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org