Thanks for the response.

The way we can turn off the anonymous bind in 389 Server. using
 "nsslapd-allow-anonymous-access: off".

Is there any way to limit the read access of user to only to the DNS
entries? In that way I can create a user who could/will be able to see/edit
DNS entries only.

Thanks,
Chandan

On Friday, April 12, 2013, Dmitri Pal wrote:

> On 04/12/2013 02:23 AM, Martin Kosek wrote:
> > On 04/12/2013 01:07 AM, Chandan Kumar wrote:
> >> Hello,
> >>
> >> I have a question regarding Uer Roles and Access in GUI. What I have
> found that
> >> irrespective of Role assigned to a user, he gets read only access
> across the
> >> directory.
> >>
> >> For example, I created one user say "dnsadmin" with only Roles related
> to DNS
> >> such as DNS Servers, DNS Administrator. Now that user has read only
> access to
> >> entire directory. Is there any way of controlling it?
> >>
> >>
> >> Thanks,
> >> Chandan
> >>
> > Hello Chandan,
> >
> > If you create a new role, assign "DNS Administrators" privilege to it,
> and
> > assign that role to user dnsadmin, that user will have write access to
> DNS tree
> > and configuration.
> >
> > Beyond that tree, dnsadmin will have read-only access just like all other
> > non-admin users. If you want dnsadmin to have write access also to other
> > entries, you would need to assign more privileges/roles to it.
> >
> > HTH,
> > Martin
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users@redhat.com <javascript:;>
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> If you are worried about the read access the LDAP data is traditionally
> readable by any authenticated user.
> In the past is was even possible to read the tree as anonymous user
> which is a bad security practice and not recommended.
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com <javascript:;>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>


-- 

--
http://about.me/chandank
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to