The ACIs are defined inside the underlaying Directory Server. See
details and syntax are here
http://directory.fedoraproject.org/wiki/Howto:AccessControl
The ACIs as you see can be group based. One does not need a hierarchical
ou user structure in the DS for ACIs - just groups. So all the
Brian LaMere wrote:
The ACIs are defined inside the underlaying Directory Server. See
details and syntax are here
http://directory.fedoraproject.org/wiki/Howto:AccessControl
The ACIs as you see can be group based. One does not need a
hierarchical
ou user structure in the
389 access control is pretty powerful and flexible. There's usually a way
to do what you want to do without having to resort to using subtrees (as in
AD).
http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Access_Control.html
aye - I already have everything on that side
On Thu, 2 Sep 2010 16:26:26 -0700
Brian LaMere br...@cukerinteractive.com wrote:
389 access control is pretty powerful and flexible. There's
usually a way to do what you want to do without having to resort to
using subtrees (as in AD).
Brian,
for non user/group/host objects you fully own and control you can use
whatever directory structure you want as long as you do not put them
under the cn=accounts subtree and keep them generally away from any IPA
controlled subtree.
ah - well if that's the case, then I asked my