But it would be an interesting request for the future roadmap in order to leverage the FDS console:
* adjust the ACIs in the o=NetscapeRoot branch to allow non-administrative users take advantage of the FDS console. Also when entering the DN during the console authentification allow just the RDN part - i.e. the possibility to put "john.doe" instead of "uid=john.doe,ou=Engineering,dc=example,dc=com" in the console authentification dialogue.
2009/4/11 Chavez, James R. <james.chavez@xxxxxxxxxxxxxxx>
Hello,
I am looking to use the Directory Server Admin Console similar to how
the Active Directory user's and Computers tool is used.
More specifically I would like to create an administrative group with
permission to perform certain functions such as reset user passwords and
change certain other attributes. I would like to login to the console
with these users instead of Directory Manager or admin to limit the
access and damage that can be done.
I have created a group of users with full access to my suffix with
ability to add and remove objects. I can do pretty much any operation
with ldapmodify, ldapadd, ldapdelete from the command line.
However I cannot login to the Directory server console with these users
to admin the directory.
If I login as Directory Manager to the admin console and then select
"login as new user" I am able to login with the users, however the
Directory is not visible. I do not have the correct access somewhere
obviously.
How can I configure FDS to allow these users to admin the directory in a
limited role? I am assuming I need to set aci's in certain places to
allow logging into the FDS admin server console .
I am assuming this is possible. I am able to access with a third party
tool but would like to use the FDS admin console.
Thank you
James
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
