>
> 389 access control is pretty powerful and flexible.  There's usually a way
> to do what you want to do without having to resort to using subtrees (as in
> AD).
>
> http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Access_Control.html
>
>
aye - I already have everything on that side of the house working perfectly,
in exactly the way I want it.  However, part of how I have that is based on
ACIs attached to specific ou units.  So if it could probably be made to work
without resorting to ACIs for individual OUs, then...ok.  I want PMs to be
able to make people that are customers, but not people who are People (that
sounds horrible, but you know what I mean...heh).  That's just one of
example of many, including batch processes that make changes to specific ou
units reserved for the activities of those processes.

Perhaps I'll just install FreeIPA and see, then.

Brian
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to