----- Original Message -----
From: Andrea Modesto Rossi <amrossi@xxxxxxxx>
Date: Saturday, 5 March 2011, 13:39
Subject: [389-users] Issue with 389
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx

> Dear all,
>
> I hope you can help me in order to set up my first 389 Server.
>
> My situation: fresh install of 389 (Fedora 14), installed the DS via
> yum from the standard repos. Everything seems to work properly,
> DNA as well.
>
> Basically I've got 2 problems and 1 question.
>
> First of all, I work with 389 console ):
>
> 1) Adding a new group (e.g. administrator) I see that there is not the GID
> attribute and I have to add it (by hand) every time (Advanced
> properties ---> Object class ---> Add value ---> Posix Group);
> it's very boring :-)
> How can I fix this issue?

If not already, there will be a new version which has a tab for editing posix group attributes.

> In general, is it possible to modify the basic
> DIT? Indeed I'd like to add much more information (manager,
> company, ... and so on) for each new user in a fast way.

The fastest way to modify LDAP is CLI (ldapmodify) ;-). To extend the GUI for more attributes is possible but less documented.

> 2) I'm writing a Web interface able to manage users' accounts
> (e.g.: password). For some operations (reset pw) I need a Bind DN
> user, right? Ok, please
> could you help me write an ACL (principle of least privilege) for this
> user? I don't like to use the directory manager (cn=directory manager). My
> idea is to create a new user able to handle only his OU, and
> nothing else!

You can easily add an ACI on that OU node with the console: Set access permissions

First you add a user who should get the permissions to manage the users, for example:

    uid=uhd,ou=people,dc=example,dc=com

Choose the container which contains the users to manage and add the ACI there, for example:

    (targetattr = "userPassword") (version 3.0; acl "Permissions to manage user passwords"; allow (all) (userdn = "ldap:///uid=uhd,ou=people,dc=example,dc=com");)

> 3) I have a PKI. Can I manage (store) users' keys (public and private)
> directly through 389? If so, how? Could you point me in the right
> direction?

There is also a Fedora CA project.

> Thank you very much.
>
> have a nice weekend
>
> /AMR
> --
> Andrea Modesto Rossi
> Fedora Ambassador
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

begin:vcard
n:Grzemba;Carsten
fn:Carsten Grzemba
tel;cell:+49 171 9749479
tel;work:+49 3677 6474-0
org:contac Datentechnik GmbH
adr:;;Auf dem Steine 1;Ilmenau;;98693;
email;internet:carsten.grzemba@xxxxxxxxxxxx
version:2.1
end:vcard
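
The ACI from the reply, prepared for the command-line route the reply mentions (ldapmodify). This is an added example, not part of the original messages: `valid_dn` and `aci_ldif` are hypothetical helper names, the DNs are the thread's example values, and it grants `write` rather than the reply's `all`, because resetting a password only requires writing `userPassword`. The DN checks are there for the case where these values come from a web form.

```shell
#!/bin/sh
# Added example: emit the LDIF that attaches a password-reset ACI to one container.
# valid_dn and aci_ldif are hypothetical helper names; DNs are the thread's examples.

NL='
'

# Accept only plain DNs: no characters that could close the quoted ACI string,
# add a second bind rule (||), widen the match (*) or start a new LDIF line.
valid_dn() {
    case "$1" in
        ' '*|':'*|'<'*) return 1 ;;                      # LDIF value prefixes
        *'"'*|*'*'*|*'|'*|*';'*|*"$NL"*) return 1 ;;     # ACI / LDIF metacharacters
        *=*) return 0 ;;
    esac
    return 1
}

# aci_ldif CONTAINER_DN MANAGER_DN: LDIF on stdout, status 1 on rejected input.
aci_ldif() {
    container=$1
    manager=$2
    valid_dn "$container" || return 1
    valid_dn "$manager" || return 1
    printf 'dn: %s\n' "$container"
    printf 'changetype: modify\n'
    printf 'add: aci\n'
    # write (not all) on userPassword only: this ACI lets the account replace
    # passwords under the container and grants nothing on other attributes.
    printf 'aci: (targetattr = "userPassword")'
    printf '(version 3.0; acl "Permissions to manage user passwords"; '
    printf 'allow (write) (userdn = "ldap:///%s");)\n' "$manager"
}

aci_ldif 'ou=people,dc=example,dc=com' 'uid=uhd,ou=people,dc=example,dc=com'

# To apply (assumes OpenLDAP client tools and a local server):
#   aci_ldif ... | ldapmodify -x -H ldap://localhost -D "cn=directory manager" -W
```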