Re: [Freeipa-users] Limiting group/user visibility

2011-12-09 Thread Lassi Pölönen
On 2011-12-08 17:36, Rob Crittenden wrote: > Lassi Pölönen wrote: >> On 7.12.2011 21:28, Dmitri Pal wrote: So I came in to conclusion I just create a role for each customer, e.g "Customer1" and assign that role to all customer's user groups and hosts (too bad it isn't possible t

Re: [Freeipa-users] Limiting group/user visibility

2011-12-08 Thread Rob Crittenden
Lassi Pölönen wrote: On 7.12.2011 21:28, Dmitri Pal wrote: I think I found at least one solution, that probably isn't the most elegant one. On the other hand I don't think with the current limitations of FreeIPA it is even possible to do much better. Any comments/suggestions are of course welcom

Re: [Freeipa-users] Limiting group/user visibility

2011-12-07 Thread Lassi Pölönen
On 7.12.2011 21:28, Dmitri Pal wrote: I think I found at least one solution, that probably isn't the most elegant one. On the other hand I don't think with the current limitations of FreeIPA it is even possible to do much better. Any comments/suggestions are of course welcome. My first approach

Re: [Freeipa-users] Limiting group/user visibility

2011-12-07 Thread Dmitri Pal
> I think I found at least one solution, that probably isn't the most > elegant one. On the other hand I don't think with the current > limitations of FreeIPA it is even possible to do much better. Any > comments/suggestions are of course welcome. > > My first approach was to remove the default ac

Re: [Freeipa-users] Limiting group/user visibility

2011-12-07 Thread Lassi Pölönen
On 2011-12-01 19:01, Lassi Pölönen wrote: > On 1.12.2011 15:12, Stephen Gallagher wrote: >> On Thu, 2011-12-01 at 13:46 +0100, Jakub Hrozek wrote: >>> On Wed, Nov 30, 2011 at 01:18:46PM +0200, Lassi Pölönen wrote: Hi, I'm looking for implementing FreeIPA in an environment where there

Re: [Freeipa-users] Limiting group/user visibility

2011-12-03 Thread Lassi Pölönen
On 2.12.2011 17:41, Simo Sorce wrote: On Fri, 2011-12-02 at 08:01 -0600, david t. klein wrote: I think, rather than replicating your admin accounts, have a separate admin realm, and then have all customer realms trust your admin realm, and use those credentials. In future this will be an easier

Re: [Freeipa-users] Limiting group/user visibility

2011-12-02 Thread Simo Sorce
On Fri, 2011-12-02 at 08:01 -0600, david t. klein wrote: > I think, rather than replicating your admin accounts, have a separate admin > realm, and then have all customer realms trust your admin realm, and use > those credentials. In future this will be an easier way. But right now trust relation

Re: [Freeipa-users] Limiting group/user visibility

2011-12-02 Thread david t. klein
: Re: [Freeipa-users] Limiting group/user visibility On 2011-12-01 19:01, Lassi Pölönen wrote: > On 1.12.2011 15:12, Stephen Gallagher wrote: >> On Thu, 2011-12-01 at 13:46 +0100, Jakub Hrozek wrote: >>> On Wed, Nov 30, 2011 at 01:18:46PM +0200, Lassi Pölönen wrote: >>>>

Re: [Freeipa-users] Limiting group/user visibility

2011-12-01 Thread Lassi Pölönen
On 2011-12-01 19:01, Lassi Pölönen wrote: > On 1.12.2011 15:12, Stephen Gallagher wrote: >> On Thu, 2011-12-01 at 13:46 +0100, Jakub Hrozek wrote: >>> On Wed, Nov 30, 2011 at 01:18:46PM +0200, Lassi Pölönen wrote: Hi, I'm looking for implementing FreeIPA in an environment where there

Re: [Freeipa-users] Limiting group/user visibility

2011-12-01 Thread Lassi Pölönen
On 1.12.2011 15:12, Stephen Gallagher wrote: On Thu, 2011-12-01 at 13:46 +0100, Jakub Hrozek wrote: On Wed, Nov 30, 2011 at 01:18:46PM +0200, Lassi Pölönen wrote: Hi, I'm looking for implementing FreeIPA in an environment where there are multiple customers in multiple organizations and a singl

Re: [Freeipa-users] Limiting group/user visibility

2011-12-01 Thread Stephen Gallagher
On Thu, 2011-12-01 at 13:46 +0100, Jakub Hrozek wrote: > On Wed, Nov 30, 2011 at 01:18:46PM +0200, Lassi Pölönen wrote: > > Hi, > > > > I'm looking for implementing FreeIPA in an environment where there are > > multiple customers in multiple organizations and a single organization > > that manages

Re: [Freeipa-users] Limiting group/user visibility

2011-12-01 Thread Jakub Hrozek
On Wed, Nov 30, 2011 at 01:18:46PM +0200, Lassi Pölönen wrote: > Hi, > > I'm looking for implementing FreeIPA in an environment where there are > multiple customers in multiple organizations and a single organization > that manages the users, sets the access rights etc. > > We don't have a centra

Re: [Freeipa-users] Limiting group/user visibility

2011-11-30 Thread Lassi Pölönen
bject: [Freeipa-users] Limiting group/user visibility Hi, I'm looking for implementing FreeIPA in an environment where there are multiple customers in multiple organizations and a single organization that manages the users, sets the access rights etc. We don't have a centralized syst

Re: [Freeipa-users] Limiting group/user visibility

2011-11-30 Thread Stephen Ingram
Lassi On Wed, Nov 30, 2011 at 3:18 AM, Lassi Pölönen wrote: > I'm looking for implementing FreeIPA in an environment where there are > multiple customers in multiple organizations and a single organization > that manages the users, sets the access rights etc. > > We don't have a centralized syste

Re: [Freeipa-users] Limiting group/user visibility

2011-11-30 Thread Steven Jones
t.com] on behalf of Lassi Pölönen [lassi.polo...@iki.fi] Sent: Thursday, 1 December 2011 12:18 a.m. To: freeipa-users@redhat.com Subject: [Freeipa-users] Limiting group/user visibility Hi, I'm looking for implementing FreeIPA in an environment where there are multiple customers in multiple org

[Freeipa-users] Limiting group/user visibility

2011-11-30 Thread Lassi Pölönen
Hi, I'm looking for implementing FreeIPA in an environment where there are multiple customers in multiple organizations and a single organization that manages the users, sets the access rights etc. We don't have a centralized system currently so I will be starting from the scratch in that sense.