On 2.12.2011 17:41, Simo Sorce wrote:
On Fri, 2011-12-02 at 08:01 -0600, david t. klein wrote:
I think, rather than replicating your admin accounts, have a separate admin
realm, and then have all customer realms trust your admin realm, and use
those credentials.
In future this will be an easier way.
But right now trust relationships won't allow you to use a single admin
account to actually manage multiple freeipa realms.

Simo.

From my point of view the fact that a single instance is only able to run a single realm is even a bigger issue. But I think we can accomplish what we need with pretty simple ACIs since the need for limiting the visibility isn't too complex and follows the same pattern with every customer.

-Lassi

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to