On Feb 16, 2011, at 04:10 , Sumit Bose wrote:
On Tue, Feb 15, 2011 at 06:30:51PM -0500, Peter Doherty wrote:
On Feb 15, 2011, at 14:45 , Simo Sorce wrote:
On Tue, 15 Feb 2011 14:09:07 -0500
Peter Doherty <dohe...@hkl.hms.harvard.edu> wrote:
On Feb 15, 2011, at 14:02 , Rob Crittenden wrote:
Peter Doherty wrote:
Hello, I'm running Fedora 14 and freeipa 1.2.2-6
Can I create a new cn/nsContainer (cn=subgroup,dc=example,dc=com)
and then create an account that can edit that cn as much as they
What would you put into this container?
The first thing I'm looking to do with it is have a web server that
has account information stored in LDAP, and to allow users to to
ldap authentication. The users logging into the web server would
It is possible to do using LDAP tools and then setting an ACI on the
container to give the user you want full control on that container.
This gave me a good starting point, and after reading some more,
I'm starting to wrap my brain around what I want to do and how to
LDAP has a steep learning curve, IMHO.
Can you recommend any GUI tools for creating/modifying the ACI for
the container? I started to try and create an ACI using the ones
within FreeIPA as a reference, but if there's a GUI that would be
useful too. I checked out Apache Directory Studio which looks
nice, but doesn't seem to support the schema that FreeIPA is using.
I use Apache Directory Studio to edit FreeIPA LDAP objects and I can
also see and edit ACIs. The schema shouldn't be a problem, because the
editor can read the schema data from the LDAP server. Which kind of
problems are you seeing ?
Well, Apache Directory Studio has ACI editor (looks like this: http://directory.apache.org/studio/screenshots.data/aci_visual_1.png
so you don't edit the text directly, but rather use a GUI, which
builds the policy in text and inserts it when you're done editing.
But it seems to use a different schema than FreeIPA is using...
Freeipa-users mailing list