> On 17 Jan 2019, at 19:40, Ludwig Krispenz <lkrispen@xxxxxxxxxx> wrote: > > > Maybe I do not understand how it works because of some lib389 magic, but I think this is not how roles work. > > You are creating cn=tuser1 and cn=Anju and they will have the role objectclasses, but the benefit of roles is that you do NOT have to touch the useres to assign roles to them. There is a class of users and a class of role definitions and ONLY the change in the role definition will determine if a user has a role or not. I think lib389 probably isn’t helping, but Ludwig’s description here is correct. Maybe a good approach is to “setup” roles by hand, then once you have a process in mind, then you can make the lib389 parts? I generally approach things this way to understand them well. Would that help? — Sincerely, William Brown Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx
