Thanks for the response.
The way we can turn off the anonymous bind in 389 Server. using
Is there any way to limit the read access of a user to only the DNS
entries? That way I can create a user who could/will be able to see/edit
DNS entries only.
On Friday, April 12, 2013, Dmitri Pal wrote:
> On 04/12/2013 02:23 AM, Martin Kosek wrote:
> > On 04/12/2013 01:07 AM, Chandan Kumar wrote:
> >> Hello,
> >> I have a question regarding User Roles and Access in GUI. What I have found that
> >> irrespective of Role assigned to a user, he gets read only access across the
> >> directory.
> >> For example, I created one user say "dnsadmin" with only Roles related to DNS
> >> such as DNS Servers, DNS Administrator. Now that user has read only access to
> >> entire directory. Is there any way of controlling it?
> >> Thanks,
> >> Chandan
> > Hello Chandan,
> > If you create a new role, assign "DNS Administrators" privilege to it,
> > assign that role to user dnsadmin, that user will have write access to DNS tree
> > and configuration.
> > Beyond that tree, dnsadmin will have read-only access just like all other
> > non-admin users. If you want dnsadmin to have write access also to other
> > entries, you would need to assign more privileges/roles to it.
> > HTH,
> > Martin
> > _______________________________________________
> > Freeipa-users mailing list
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> If you are worried about the read access, the LDAP data is traditionally
> readable by any authenticated user.
> In the past it was even possible to read the tree as anonymous user
> which is a bad security practice and not recommended.
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.