> > 389 access control is pretty powerful and flexible. There's usually a way > to do what you want to do without having to resort to using subtrees (as in > AD). > > http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Access_Control.html > > aye - I already have everything on that side of the house working perfectly, in exactly the way I want it. However, part of how I have that is based on ACIs attached to specific ou units. So if it could probably be made to work without resorting to ACIs for individual OUs, then...ok. I want PMs to be able to make people that are customers, but not people who are People (that sounds horrible, but you know what I mean...heh). That's just one of example of many, including batch processes that make changes to specific ou units reserved for the activities of those processes.
Perhaps I'll just install FreeIPA and see, then. Brian
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users