On 17/10/2016 14:56, freeipa-users-requ...@redhat.com wrote:
But now I have to create for this user a ACI to read the uid,

mailAlternateAddress is in "objectClass mailrecipient"

I mean I must have a ACI like
access to attribute= ............

Have any a hint or link to understand this Problem?

I found this guide very helpful, specifically for allowing access to a NT password hash attribute for doing wireless authentication.


They are doing it the correct way here: by creating a service principal for the RADIUS server, which it uses to get a kerberos ticket and authenticate itself to the directory. But you could also use similar steps to apply those permissions to a regular user.

And the related guide if you're interested:




Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to