If you would like some examples, then:
You could design it many ways; one way could be:
1. Create an organizational unit, say Service Team.
2. Create a Service_manager uid, or make any one of the Service Team members that.
If you have all Linux/Unix systems, then you could have a POSIX group called "ServiceTeam".
The ACL will look like this:
aci: (target="ldap:///ou=Service Team,dc=example,dc=com")(version 3.0; acl "Support Manager"; allow (all) userdn="ldap:///uid=support_manager,ou=people,dc=example,dc=com";)
Basically, the aforesaid ACI states that if you log in as uid=support_manager, you have allow (all) access to the Service Team organizational unit.
I would recommend using the GUI and copy-pasting the ACI, because the GUI does not allow all kinds of ACIs.
Thanks,
Chandan
On Tuesday, March 12, 2013, Mark Reynolds wrote:
Elizabeth,
Please look at:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management-Using_Roles.html
Regards,
Mark
On 03/12/2013 10:46 AM, Elizabeth Jones wrote:
Can anyone point me towards any documentation or examples on creating and
using roles? I am hoping to set up a role for our service desk users so
they can add/delete users, but I need to have them login as themselves so
we can track them. I have an aci that I created that would allow them to
do this but I don't want to put the aci directly on specific user accounts
if I can avoid it.
thanks -
Elizabeth J
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Mark Reynolds
Red Hat, Inc
mreynolds@xxxxxxxxxx
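The role-based setup the thread asks about, where service desk staff bind as themselves and the ACI is keyed on a role instead of individual accounts, can be sketched in LDIF as follows. This is an added example, not from any poster in the thread; the role name ServiceDeskRole, the user uid=ejones and ou=people as the user container are assumptions.

```ldif
# Constructed example: every DN and name below is an assumption.

# 1. Managed role, created at the suffix so that entries under
#    ou=people fall within its scope.
dn: cn=ServiceDeskRole,dc=example,dc=com
changetype: add
objectClass: top
objectClass: ldapSubEntry
objectClass: nsRoleDefinition
objectClass: nsSimpleRoleDefinition
objectClass: nsManagedRoleDefinition
cn: ServiceDeskRole
description: Service desk staff who may add and delete user entries

# 2. Membership of a managed role is set on the member's own entry.
#    The staff member keeps their own bind DN, so the access log
#    records who made each change.
dn: uid=ejones,ou=people,dc=example,dc=com
changetype: modify
add: nsRoleDN
nsRoleDN: cn=ServiceDeskRole,dc=example,dc=com

# 3. One ACI on the user container, bound to the role with roledn
#    instead of a userdn per account. nsRoleDN and aci are excluded
#    from the target attributes so that role members cannot modify
#    role membership or access rules on these entries.
#    (Continuation lines start with a space, per LDIF line folding.)
dn: ou=people,dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=people,dc=example,dc=com")
 (targetattr != "nsRoleDN || aci")
 (version 3.0; acl "Service desk manages users";
  allow (read, search, compare, write, add, delete)
  roledn="ldap:///cn=ServiceDeskRole,dc=example,dc=com";)
```

Compared with allow (all) for a single shared uid, this grants only the listed rights and leaves each change attributable to the person who bound.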