Re: [389-users] Issue with 389

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




----- Ursprüngliche Nachricht -----
Von: Andrea Modesto Rossi <amrossi@xxxxxxxx>
Datum: Samstag, 5. März 2011, 13:39
Betreff: [389-users] Issue with 389
An: 389-users@xxxxxxxxxxxxxxxxxxxxxxx

> Dear all,
> 
> I hope you can help me in order to set up my first 389 Server.
> 
> My situation : fresh install of 389 (Fedora 14), installed the 
> DS via
> yum from the standard repos. Everything seems to work properly, 
> DNA as well.
> 
> Basically i've got 2 problems and 1 question.
> 
> First of all, i work with 389 console  ):
> 
> 1) Adding a new group (e.g. administrator) i see that there is 
> not the GID
> attribute and i have to add it (by hand) every time (Advanced 
> propertis---> Object class ---> Add value ---> Posix Group); 
> it's very boring :-)
> How can i fix this issue?
If not already, there will be a new version which has a tab for editing posix group attributes.
 In general, is it possible to modify 
> the basic
> DIT ? Indeed i'd like to add much more information (manager, 
> company,...anso on) for each new users in a fast way.
The fastest way to modify LDAP is CLI (ldapmodify) ;-).
To exent the GUI for more attributes is possible but less documented.

> 
> 2) I'm writing a Web interface able to manage users account 
> (e.g.:password).For some operations(reset pw) i need a Bind DN 
> user, right? Ok, please
> could you help me write an ACL (principle of least privilege) 
> for this
> user? i don't like to use the directory manage (cn=directory 
> manager). My
> idea is to create a new user able to handle only his OU, and 
> nothing else!
You can add easy a ACI on that OU Node with the console:
Set access permissions

First you add a user who should get the permissions for manage the users, for example: uid=uhd,ou=people,dc=example,dc=com

Choose the container witch contains the users to manage and add there the ACI, for example:
(targetattr = "userPassword") 
(version 3.0;
acl "Permissions to manage user passwords";
allow (all)
(userdn = "ldap:///uid=uhd,ou=people,dc=example,dc=com";)



> 
> 3) I have a PKI. can i manage(store) users keys(public and private)
> directly through 389? If so, how? could you point me in the right
> direction?
There is also a Fedora CA project.

> 
> 
> 
> Thank you very much.
> 
> have a nice weekend
> 
> /AMR
> -- 
> Andrea Modesto Rossi
> Fedora Ambassador
> 
> 
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
begin:vcard
n:Grzemba;Carsten
fn:Carsten Grzemba
tel;cell:+49 171 9749479
tel;work:+49 3677 6474-0
org:contac Datentechnik GmbH
adr:;;Auf dem Steine 1;Ilmenau;;98693;
email;internet:carsten.grzemba@xxxxxxxxxxxx
version:2.1
end:vcard
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux