Re: [Freeipa-users] lowest-privilege method of checking for out of sync FreeIPA masters?
2016-12-06
List dedicated to discussions about use, configuration and deployment of the IPA server.
> Hello,
>
> There's a method to check the replication status of FreeIPA masters by
> looking at objectClass=nsDS5ReplicationAgreement in the "cn=mapping
> tree,cn=config" part of LDAP.
>
> Unfortunately that requires Directory Admin level privileges.
>
> Is there a method to check those replication agreement details that uses
> a much lower privilege? We'd like to add a replication test to our
> Zabbix monitoring system, and we don't want to use the directory admin
> user ID :)

Create a privilege containing the permission "Read Replication Agreements", add that to a new role, and your user to that role and that should do it.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
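The steps in the reply above, followed by the check a monitoring agent could run with the resulting account, as an added example that is not part of the original thread. The privilege, role and user names are hypothetical, and the two status-string layouts the parser accepts are assumptions about the directory server's output; the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example; PRIV, ROLE and MON_USER are hypothetical names.
PRIV="Replication Status Readers"      # hypothetical privilege name
ROLE="Replication Monitor"             # hypothetical role name
MON_USER="zabbix-repl"                 # hypothetical monitoring account
PERM="Read Replication Agreements"     # as named in the reply; confirm the exact
                                       # name with: ipa permission-find replication

# One-time setup, run with an IPA admin Kerberos ticket.
grant_read_agreements() {
    ipa privilege-add "$PRIV" --desc="Read replication agreements" &&
    ipa privilege-add-permission "$PRIV" --permissions="$PERM" &&
    ipa role-add "$ROLE" --desc="Replication monitoring, read-only" &&
    ipa role-add-privilege "$ROLE" --privileges="$PRIV" &&
    ipa role-add-member "$ROLE" --users="$MON_USER"
}

# Query as the monitoring user. $1 = LDAPS URI, $2 = bind DN, $3 = password file.
fetch_agreements() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$1" -D "$2" -y "$3" \
        -b "cn=mapping tree,cn=config" "(objectClass=nsDS5ReplicationAgreement)" \
        nsDS5ReplicaHost nsds5replicaLastUpdateStatus
}

# Read LDIF on stdin and print each replica host whose last update status code
# is not 0; return 1 if any was printed. A missing status is reported too, so
# an unreadable attribute fails closed instead of passing silently.
failed_agreements() {
    awk '
        function emit() {
            if (host != "" && code != "0") { print host; bad = 1 }
            host = ""; code = ""
        }
        { key = tolower($1) }
        key == "dn:" { emit() }
        key == "nsds5replicahost:" { host = $2 }
        key == "nsds5replicalastupdatestatus:" {
            code = ($2 == "Error") ? $3 : $2   # "Error (0) ..." or "0 ..."
            gsub(/[()]/, "", code)
        }
        END { emit(); exit bad + 0 }
    '
}

# Constructed sample (not real output): one failing and one healthy agreement.
SAMPLE='dn: cn=meToipa2.example.test,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mapping tree,cn=config
nsDS5ReplicaHost: ipa2.example.test
nsds5replicaLastUpdateStatus: -1 Unable to acquire replica

dn: cn=meToipa3.example.test,cn=replica,cn=dc\3Dexample\2Cdc\3Dtest,cn=mapping tree,cn=config
nsDS5ReplicaHost: ipa3.example.test
nsds5replicaLastUpdateStatus: Error (0) Replica acquired successfully: Incremental update succeeded'
printf '%s\n' "$SAMPLE" | failed_agreements || echo "(hosts listed above need attention)"
```

In production the pipeline is `fetch_agreements ... | failed_agreements`. `ldapsearch -y` uses the file contents verbatim as the password, so the file must not end in a newline.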
[Freeipa-users] lowest-privilege method of checking for out of sync FreeIPA masters?
2016-12-06
Hello,

There's a method to check the replication status of FreeIPA masters by looking at objectClass=nsDS5ReplicationAgreement in the "cn=mapping tree,cn=config" part of LDAP.

Unfortunately that requires Directory Admin level privileges.

Is there a method to check those replication agreement details that uses a much lower privilege? We'd like to add a replication test to our Zabbix monitoring system, and we don't want to use the directory admin user ID :)

Thanks!

Anthony Clark