It Meme wrote:

Assumption: Accounts have been provisioned in IPA.

Can the IPA provisioned accounts be subsequently managed by LDAP calls
from an external system? Examples: password update, group membership.

Password update via LDAP: yes

Group membership is just properly adding a member attribute with the DN of the member into the right location, so yeah. This may depend on the access rights of the user doing the change. Note that this is potentially dangerous. For example, our management framework prevents the last user from being removed from the admins group. If you do this via LDAP you lose that protection.


Freeipa-users mailing list

Reply via email to