On 12/11/18 1:36 AM, cdknight via FreeIPA-users wrote:
When a user signs in to FreeIPA, I do not want them to be able to view the list of users
in my LDAP server under the "Active users" link. I still want them to be able
to administer self-service, so they can reset their password, add OTP tokens, etc. How
would I go about doing this? The users will only be able to access the web interface, so
it doesn't matter whether they can access it from other sources.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Hi,
this topic has already been discussed in issue 2995: [RFE] Add option to
limit the scope of the DS objects user can see in self service [1]
and in this thread [2]. This may help understand why self-service WebUI
allows to see other users.
You may be able to define ACIs preventing a user from seeing other
users' information but this would have to be thoroughly tested as it
could break a lot of assumptions done by IPA.
HTH,
flo
[1] https://pagure.io/freeipa/issue/2995
[2] https://www.redhat.com/archives/freeipa-users/2016-April/msg00107.html
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
