It’s definitely possible, you have to create a user in ou=adminstrators,ou=topologymanagement,o=Netscaperoot, an “Admin” user. I use this in quotes because you will then create the ACIs to limit that user to read / write on the OU you want him to only have access to. Just make sure you don’t add him to config adminstrators or anything like that. From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Bright, Daniel All, Here is the goal I am trying to accomplish: I am trying to create an administrative user that has access to the 389 Management Console that has access to a single OU and can only modify objects within that OU. This user should not be able to modify anything outside of this OU, nothing in netscaperoot, nothing under schema, monitor or Config, and shouldn’t be able to do anything on the Configuration or Tasks tab. If this is not possible then that’s fine, I just need to know either way, so far I have been messing with ACIs and targetfilters etc... trying to get something working and I’m not having much success, any help with this is greatly appreciated. Regards, |
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
