On 17/10/2016 14:56, freeipa-users-requ...@redhat.com wrote:
But now I have to create for this user a ACI to read the uid,
mailAlternateAddress is in "objectClass mailrecipient"
I mean I must have a ACI like
access to attribute= ............
Have any a hint or link to understand this Problem?
I found this guide very helpful, specifically for allowing access to a
NT password hash attribute for doing wireless authentication.
They are doing it the correct way here: by creating a service principal
for the RADIUS server, which it uses to get a kerberos ticket and
authenticate itself to the directory. But you could also use similar
steps to apply those permissions to a regular user.
And the related guide if you're interested:
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project