> 389 access control is pretty powerful and flexible.  There's usually a way
> to do what you want to do without having to resort to using subtrees (as in
> AD).
> http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Access_Control.html
aye - I already have everything on that side of the house working perfectly,
in exactly the way I want it.  However, part of how I have that is based on
ACIs attached to specific ou units.  So if it could probably be made to work
without resorting to ACIs for individual OUs, then...ok.  I want PMs to be
able to make people that are customers, but not people who are People (that
sounds horrible, but you know what I mean...heh).  That's just one of
example of many, including batch processes that make changes to specific ou
units reserved for the activities of those processes.

Perhaps I'll just install FreeIPA and see, then.

Freeipa-users mailing list

Reply via email to