On Feb 15, 2011, at 14:45 , Simo Sorce wrote:

> On Tue, 15 Feb 2011 14:09:07 -0500
> Peter Doherty <dohe...@hkl.hms.harvard.edu> wrote:
> 
>> On Feb 15, 2011, at 14:02 , Rob Crittenden wrote:
>> 
>>> Peter Doherty wrote:
>>>> Hello,  I'm running Fedora 14 and freeipa 1.2.2-6
>>>> 
>>>> 
>>>> Can I create a new cn/nsContainer (cn=subgroup,dc=example,dc=com)
>>>> and then create an account that can edit that cn as much as they  
>>>> want,
>>>> <snip>
>>>> 
>>> 
>>> What would you put into this container?
>>> 
>>> <snip>
>>> 
>>> rob
>> 
>> The first thing I'm looking to do with it is have a web server that  
>> has account information stored in LDAP, and to allow users to to
>> ldap authentication.  The users logging into the web server would be  
>> <snip>
> 
> It is possible to do using LDAP tools and then setting an ACI on the
> container to give the user you want full control on that container.
> 
> Simo.

Simo, 

This gave me a good starting point, and after reading some more, I'm starting 
to wrap my brain around what I want to do and how to do it.
LDAP has a steep learning curve, IMHO.
Can you recommend any GUI tools for creating/modifying the ACI for the 
container?  I started to try and create an ACI using the ones within FreeIPA as 
a reference, but if there's a GUI that would be useful too.  I checked out 
Apache Directory Studio which looks nice, but doesn't seem to support the 
schema that FreeIPA is using.

--Peter


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to