Thank you for your response,
> As an aside though I wouldn't set the ipausers as a memberof on this ACI. > What that will do is allow any user to modify any other user. I doubt this > is what you want. > > You are right, it is not what I want to do. My second command is wrong: ipa -v aci-mod "Modify Users" --attrs=mail --memberof=ipausers However, what I want to do is modify "Modify Users" ACI by adding the attribute "mail" in the targetattr. I do not assimilate yet the syntaxe of aci commands. Thanks for help > Even if you did it would be better to add the ipausers group as a member of > the "Modify Users" rolegroup. > > rob > -- Meilleures salutations / Best Regards Rachid ALAHYANE
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
