Re: [Freeipa-users] 389 DS & admin consoles
Craig White wrote: > *From:*freeipa-users-boun...@redhat.com > [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Rich Megginson > *Sent:* Tuesday, October 28, 2014 3:02 PM > *To:* freeipa-users@redhat.com > *Subject:* Re: [Freeipa-users] 389 DS & admin consoles > > > > On 10/28/2014 02:45 PM, Craig White wrote: > > RHEL 6.5 new install > > ipa-server-3.0.0-42.el6.x86_64 > > 389-ds-base-1.2.11.15-47.el6.x86_64 > > > > Is it safe to install the 389 DS and admin console packages and use > them? > > > In general, no, it is not supported. IPA depends on a certain tree > structure, schema, etc. > > > > > I think it would be useful to use for things like editing ACIs, etc. > > > It would be useful for a lot of lower level management and monitoring. > But unfortunately it is not supported. You might be able to install it > and make it work, but it might also mess up your IdM deployment. > > > Not worth it then. I have been all over your Documentation page on > FreeIPA.org (http://www.freeipa.org/page/Documentation) > > > > I have not found any way to actually edit ACLs (I believe the > terminology in 389 Server was ACI when I last used it some 8 or so years > ago). Is there any way to edit them? The permission plugin, ipa help permission rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] 389 DS & admin consoles
On 10/28/2014 07:23 PM, Rich Megginson wrote: On 10/28/2014 05:05 PM, Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Rich Megginson *Sent:* Tuesday, October 28, 2014 3:02 PM *To:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] 389 DS & admin consoles On 10/28/2014 02:45 PM, Craig White wrote: RHEL 6.5 -- new install ipa-server-3.0.0-42.el6.x86_64 389-ds-base-1.2.11.15-47.el6.x86_64 Is it safe to install the 389 DS and admin console packages and use them? In general, no, it is not supported. IPA depends on a certain tree structure, schema, etc. I think it would be useful to use for things like editing ACI's, etc. It would be useful for a lot of lower level management and monitoring. But unfortunately it is not supported. You might be able to install it and make it work, but it might also mess up your IdM deployment. Not worth it then. I have been all over your Documentation page on FreeIPA.org (http://www.freeipa.org/page/Documentation) I have not found any way to actually edit ACL's (I believe the terminology in 389 Server was ACI when I last used it some 8 or so years ago). Is there any way to edit them? I'm assuming you mean something that can parse and understand 389 acis. No, not afaik. The actual low level ACIs are hidden under: roles, privileges, permissions and delegations. Have you looked at those? Managing low level ACIs directly is not supported or recommended. Is there any tools similar to the 389-DS-Server console like the Certificate manager? Not sure what you mean by "the Certificate manager". Do you mean the 389 console GUI that allows you to Manage Certificates? With IPA, that functionality is supposed to be largely automated. No everything that is supported from CA is exposed via CLI and UI. We are working on exposing more but what you have now is what you get. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] 389 DS & admin consoles
On 10/28/2014 05:05 PM, Craig White wrote: *From:*freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Rich Megginson *Sent:* Tuesday, October 28, 2014 3:02 PM *To:* freeipa-users@redhat.com *Subject:* Re: [Freeipa-users] 389 DS & admin consoles On 10/28/2014 02:45 PM, Craig White wrote: RHEL 6.5 – new install ipa-server-3.0.0-42.el6.x86_64 389-ds-base-1.2.11.15-47.el6.x86_64 Is it safe to install the 389 DS and admin console packages and use them? In general, no, it is not supported. IPA depends on a certain tree structure, schema, etc. I think it would be useful to use for things like editing ACI’s, etc. It would be useful for a lot of lower level management and monitoring. But unfortunately it is not supported. You might be able to install it and make it work, but it might also mess up your IdM deployment. Not worth it then. I have been all over your Documentation page on FreeIPA.org (http://www.freeipa.org/page/Documentation) I have not found any way to actually edit ACL’s (I believe the terminology in 389 Server was ACI when I last used it some 8 or so years ago). Is there any way to edit them? I'm assuming you mean something that can parse and understand 389 acis. No, not afaik. Is there any tools similar to the 389-DS-Server console like the Certificate manager? Not sure what you mean by "the Certificate manager". Do you mean the 389 console GUI that allows you to Manage Certificates? With IPA, that functionality is supposed to be largely automated. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] 389 DS & admin consoles
From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson Sent: Tuesday, October 28, 2014 3:02 PM To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] 389 DS & admin consoles On 10/28/2014 02:45 PM, Craig White wrote: RHEL 6.5 - new install ipa-server-3.0.0-42.el6.x86_64 389-ds-base-1.2.11.15-47.el6.x86_64 Is it safe to install the 389 DS and admin console packages and use them? In general, no, it is not supported. IPA depends on a certain tree structure, schema, etc. I think it would be useful to use for things like editing ACI's, etc. It would be useful for a lot of lower level management and monitoring. But unfortunately it is not supported. You might be able to install it and make it work, but it might also mess up your IdM deployment. Not worth it then. I have been all over your Documentation page on FreeIPA.org (http://www.freeipa.org/page/Documentation) I have not found any way to actually edit ACL's (I believe the terminology in 389 Server was ACI when I last used it some 8 or so years ago). Is there any way to edit them? Is there any tools similar to the 389-DS-Server console like the Certificate manager? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] 389 DS & admin consoles
On 10/28/2014 02:45 PM, Craig White wrote: RHEL 6.5 – new install ipa-server-3.0.0-42.el6.x86_64 389-ds-base-1.2.11.15-47.el6.x86_64 Is it safe to install the 389 DS and admin console packages and use them? In general, no, it is not supported. IPA depends on a certain tree structure, schema, etc. I think it would be useful to use for things like editing ACI’s, etc. It would be useful for a lot of lower level management and monitoring. But unfortunately it is not supported. You might be able to install it and make it work, but it might also mess up your IdM deployment. Craig White System Administrator O623-201-8179 M602-377-9752 cid:image001.png@01CF86FE.42D51630 SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project