<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1605" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=274262519-11042009><FONT face=Arial
color=#0000ff size=2>Andrey thanks for the response.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=274262519-11042009><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=274262519-11042009><FONT face=Arial
color=#0000ff size=2>Rich, is this something that can be accomplished in the
current release?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=274262519-11042009><FONT face=Arial
color=#0000ff size=2>Is there something that can be added similar to the aci
showed for the phpldapadmin functionality?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=274262519-11042009><FONT face=Arial
color=#0000ff size=2>I would prefer not to use phpldapadmin or any other 3rd
party tool if we can grant limited access with the admin
console</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=274262519-11042009></SPAN><FONT face=Arial><FONT
color=#0000ff><FONT size=2>I<SPAN class=274262519-11042009> also agree with
Andrey that this is a nice feature to have in future releases if possible,
definitely on my wish list!!</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=274262519-11042009></SPAN></FONT></FONT></FONT> </DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=274262519-11042009>Thank you</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=274262519-11042009>James</SPAN></FONT></FONT></FONT></DIV>
<DIV><BR></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] <B>On Behalf Of </B>Andrey
Ivanov<BR><B>Sent:</B> Saturday, April 11, 2009 7:44 AM<BR><B>To:</B> General
discussion list for the Fedora Directory server project.<BR><B>Subject:</B> Re:
[Fedora-directory-users] Admin Server console question.<BR></FONT><BR></DIV>
<DIV></DIV>I think it is somehow linked to the ACIs on the "o=NetscapeRoot"
tree. If you allow to all the authentified users read some of the subtrees of
o=NetscapeRoot" you should have a better directory visibility in the console for
a "normal" user.<BR><BR>But it would be an interesting request for the future
roadmap in order to leverage the FDS console:<BR><BR>* adjust the ACIs in the
o=NetscapeRoot branch to allow non-administrative users take advantage of the
FDS console. Also when entering the DN during the console authentification
allow just the RDN part - i.e. the possibility to put "john.doe" instead of
"uid=john.doe,ou=Engineering,dc=example,dc=com" in the console authentification
dialogue.<BR><BR><BR><BR>
<DIV class=gmail_quote>2009/4/11 Chavez, James R. <SPAN dir=ltr><<A
href="mailto:james.chavez@sanmina-sci.com">james.chavez@sanmina-sci.com</A>></SPAN><BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">Hello,<BR>I
am looking to use the Directory Server Admin Console similar to how<BR>the
Active Directory user's and Computers tool is used.<BR>More specifically I
would like to create an administrative group with<BR>permission to perform
certain functions such as reset user passwords and<BR>change certain other
attributes. I would like to login to the console<BR>with these users instead
of Directory Manager or admin to limit the<BR>access and damage that can be
done.<BR><BR>I have created a group of users with full access to my suffix
with<BR>ability to add and remove objects. I can do pretty much any
operation<BR>with ldapmodify, ldapadd, ldapdelete from the command
line.<BR><BR>However I cannot login to the Directory server console with these
users<BR>to admin the directory.<BR>If I login as Directory Manager to the
admin console and then select<BR>"login as new user" I am able to login with
the users, however the<BR>Directory is not visible. I do not have the correct
access somewhere<BR>obviously.<BR><BR>How can I configure FDS to allow these
users to admin the directory in a<BR>limited role? I am assuming I need to set
aci's in certain places to<BR>allow logging into the FDS admin server console
.<BR>I am assuming this is possible. I am able to access with a third
party<BR>tool but would like to use the FDS admin console.<BR><BR>Thank
you<BR>James<BR><BR></BLOCKQUOTE></DIV><BR>
<BR>
CONFIDENTIALITY<BR>
This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof.<BR>
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.<BR>
</BODY></HTML>