Thank you for your response,

> As an aside though I wouldn't set the ipausers as a memberof on this ACI.
> What that will do is allow any user to modify any other user. I doubt this
> is what you want.
>
> You are right, it is not what I want to do. My second command is wrong:
ipa -v aci-mod "Modify Users" --attrs=mail --memberof=ipausers

However, what I want to do is modify "Modify Users" ACI by adding the
attribute "mail" in the targetattr. I do not assimilate yet the syntaxe of
aci commands.

Thanks for help


> Even if you did it would be better to add the ipausers group as a member of
> the "Modify Users" rolegroup.
>
> rob
>



-- 
Meilleures salutations / Best Regards
Rachid ALAHYANE
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to