I am trying to reduce the rights to an account so that it can only add
and remove machines from the IPA server. It will be used for scripts to run as
this user to bind machines that are stood up adhoc to the IPA server, and then
clean them up after they are ready for shutdown. However, I don't want users
that are allowed this access to be able to do much else (like remove my account
or any of my engineers accounts). I was wondering if anyone had any words of
wisdom on how to do this before I started doing guess and check research (since
a few google search have yielded nothing).
Digital Reasoning Systems, Inc.
Freeipa-users mailing list