On Thu, 2012-03-15 at 03:57 -0400, Tim Hildred wrote:
> Hey all;
> I preparing to use IPA as the Directory Server for my RHEV installation.
> Formerly in RHEV, you could change users passwords using the RHEV User Portal
> itself. With RHEV 3.0, this is no longer posssible. Instead, users need to be
> able to change their password using the IPA Web Administration Portal. I've
> set it up so that the IPA portal can be accessed using username and password
> rather than a Kerberos ticket. I've set all the users passwords to a default
> I'd like them to be able to log on to the IPA web UI, update only their own
> password (and other details about themselves), and carry on.
> Therefore, I don't want to give them admin roles, but some lesser, possibly
> custom role.
> Is this possible?
yes, this is possible. Any user can log in to WebUI and change his
account details or set the new password. They don't need to have
assigned any custom role, there are selfservice permissions that allow
that (you can check them with `ipa selfservice-find`).
Users with no admin role really see just the one tab with his account
details so that he is not distracted with all IPA WebUI configuration
Freeipa-users mailing list