On 2.12.2011 17:41, Simo Sorce wrote:
On Fri, 2011-12-02 at 08:01 -0600, david t. klein wrote:
I think, rather than replicating your admin accounts, have a separate admin
realm, and then have all customer realms trust your admin realm, and use
In future this will be an easier way.
But right now trust relationships won't allow you to use a single admin
account to actually manage multiple freeipa realms.
From my point of view the fact that a single instance is only able to
run a single realm is even a bigger issue. But I think we can accomplish
what we need with pretty simple ACIs since the need for limiting the
visibility isn't too complex and follows the same pattern with every
Freeipa-users mailing list