Admin Server console question.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I think it is somehow linked to the ACIs on the "o=NetscapeRoot" tree. If
you allow to all the authentified users read some of the subtrees of
o=NetscapeRoot" you should have a better directory visibility in the console
for a "normal" user.

But it would be an interesting request for the future roadmap in order to
leverage the FDS console:

* adjust the ACIs in the o=NetscapeRoot branch to allow non-administrative
users take advantage of the FDS console. Also when entering the DN during
the console authentification  allow just the RDN part - i.e. the possibility
to put "john.doe" instead of "uid=john.doe,ou=Engineering,dc=example,dc=com"
in the console authentification dialogue.



2009/4/11 Chavez, James R. <james.chavez at sanmina-sci.com>

> Hello,
> I am looking to use the Directory Server Admin Console similar to how
> the Active Directory user's and Computers tool is used.
> More specifically I would like to create an administrative group with
> permission to perform certain functions such as reset user passwords and
> change certain other attributes. I would like to login to the console
> with these users instead of Directory Manager or admin to limit the
> access and damage that can be done.
>
> I have created a group of users with full access to my suffix with
> ability to add and remove objects. I can do pretty much any operation
> with ldapmodify, ldapadd, ldapdelete from the command line.
>
> However I cannot login to the Directory server console with these users
> to admin the directory.
> If I login as Directory Manager to the admin console and then select
> "login as new user" I am able to login with the users, however the
> Directory is not visible. I do not have the correct access somewhere
> obviously.
>
> How can I configure FDS to allow these users to admin the directory in a
> limited role? I am assuming I need to set aci's in certain places to
> allow logging into the FDS admin server console .
> I am assuming this is possible. I am able to access with a third party
> tool but would like to use the FDS admin console.
>
> Thank you
> James
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20090411/70461319/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux