On Tue, Feb 15, 2011 at 06:30:51PM -0500, Peter Doherty wrote: > > On Feb 15, 2011, at 14:45 , Simo Sorce wrote: > > > On Tue, 15 Feb 2011 14:09:07 -0500 > > Peter Doherty <[email protected]> wrote: > > > >> On Feb 15, 2011, at 14:02 , Rob Crittenden wrote: > >> > >>> Peter Doherty wrote: > >>>> Hello, I'm running Fedora 14 and freeipa 1.2.2-6 > >>>> > >>>> > >>>> Can I create a new cn/nsContainer (cn=subgroup,dc=example,dc=com) > >>>> and then create an account that can edit that cn as much as they > >>>> want, > >>>> <snip> > >>>> > >>> > >>> What would you put into this container? > >>> > >>> <snip> > >>> > >>> rob > >> > >> The first thing I'm looking to do with it is have a web server that > >> has account information stored in LDAP, and to allow users to to > >> ldap authentication. The users logging into the web server would be > >> <snip> > > > > It is possible to do using LDAP tools and then setting an ACI on the > > container to give the user you want full control on that container. > > > > Simo. > > Simo, > > This gave me a good starting point, and after reading some more, I'm starting > to wrap my brain around what I want to do and how to do it. > LDAP has a steep learning curve, IMHO. > Can you recommend any GUI tools for creating/modifying the ACI for the > container? I started to try and create an ACI using the ones within FreeIPA > as a reference, but if there's a GUI that would be useful too. I checked out > Apache Directory Studio which looks nice, but doesn't seem to support the > schema that FreeIPA is using.
I use Apache Directory Studio to edit FreeIPA LDAP objects and I can also see and edit ACIs. The schema shouldn't be a problem, because the editor can read the schema data from the LDAP server. Which kind of problems are you seeing ? bye, Sumit > > --Peter > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
