<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1256"><base href="x-msg://2085/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>Please review this document </div><div><br></div><div><a href="http://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Access_Control-Creating_ACIs_from_the_Console.html">http://www.centos.org/docs/5/html/CDS/ag/8.0/Managing_Access_Control-Creating_ACIs_from_the_Console.html</a></div><div><br></div><div>Then ask any questions that you ay have afterwards. </div><div><br></div><div>On Jul 20, 2013, at 3:50 AM, تدريبك - دورات -شبكات - حاسبات <<a href="mailto:hus.shabeeb@gmail.com">hus.shabeeb@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div class="WordSection1" style="page: WordSection1; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">we need your help in creating the ACLs not the structure we know how to create the structure.<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><o:p></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Can you send me photos for this process , or step by step commands .<o:p></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></div><div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(181, 196, 223); padding: 3pt 0cm 0cm; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span>389-<a href="mailto:users-bounces@lists.fedoraproject.org">users-bounces@lists.fedoraproject.org</a> [mailto:389-<a href="mailto:users-bounces@lists.fedoraproject.org">users-bounces@lists.fedoraproject.org</a>]<span class="Apple-converted-space"> </span><b>On Behalf Of<span class="Apple-converted-space"> </span></b>Dan Lavu<br><b>Sent:</b><span class="Apple-converted-space"> </span>Friday, July 19, 2013 10:54 PM<br><b>To:</b><span class="Apple-converted-space"> </span>General discussion list for the 389 Directory server project.<br><b>Subject:</b><span class="Apple-converted-space"> </span>Re: [389-users] Manual & help step by step<o:p></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Just create the structure and follow the instructions in the following url, <o:p></o:p></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><blockquote style="margin-top: 5pt; margin-bottom: 5pt; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><a href="http://directory.fedoraproject.org/wiki/Howto:AccessControl" style="color: purple; text-decoration: underline; "><span style="color: purple; ">http://directory.fedoraproject.org/wiki/Howto:AccessControl</span></a></span><o:p></o:p></div></blockquote><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">and please read the admin guide for instructions on how to use the idm console to setup your tree.<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><a href="https://access.redhat.com/site/documentation/Red_Hat_Directory_Server/" style="color: purple; text-decoration: underline; ">https://access.redhat.com/site/documentation/Red_Hat_Directory_Server/</a><o:p></o:p></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">On Jul 19, 2013, at 1:34 PM,<span class="Apple-converted-space"> </span><span lang="AR-SA" dir="RTL">تدريبك - دورات -شبكات - حاسبات<span class="Apple-converted-space"> </span></span><span dir="LTR"></span><span dir="LTR"></span><<a href="mailto:hus.shabeeb@gmail.com" style="color: purple; text-decoration: underline; ">hus.shabeeb@gmail.com</a>> wrote:<o:p></o:p></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><br><br><o:p></o:p></div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Dear Dan ,<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Many thanks for your help ..<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">we want use number one option as it is the most flexible and least headache.<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Let fox on it ,<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Can you give more information on that .<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Best regards ,<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Husam<br><br><br><br><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(181, 196, 223); padding: 3pt 0cm 0cm; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span class="apple-converted-space"><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "> </span></span><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">389-<a href="mailto:users-bounces@lists.fedoraproject.org">users-bounces@lists.fedoraproject.org</a> [mailto:389-<a href="mailto:users-bounces@lists.fedoraproject.org">users-bounces@lists.fedoraproject.org</a>]<span class="apple-converted-space"> </span><b>On Behalf Of<span class="apple-converted-space"> </span></b>Dan Lavu<br><b>Sent:</b><span class="apple-converted-space"> </span>Friday, July 19, 2013 11:18 AM<br><b>To:</b><span class="apple-converted-space"> </span>General discussion list for the 389 Directory server project.<br><b>Subject:</b><span class="apple-converted-space"> </span>Re: [389-users] Manual & help step by step</span><o:p></o:p></div></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">I can think of two ways to do this but I will propose the way that I think is best…. so It will not be one ACI it will be several. <o:p></o:p></div></div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Please keep in mind that ACI do get inherited and do not travel up the directory structure, they only effect their child objects. So one ACI at the top level of your root suffix o=X that permits users to change their own attributes. For each OU you create, you will need to create an ACI for the group of users who can administer the "domain". <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">So<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">O=X (ACI that permits any user to write to their own attributes)<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">|--------dc=domain (ACI that permits administrators to manage their users)<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span class="apple-tab-span"> </span><span class="apple-converted-space"> </span>|---------------ou=people<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span class="apple-tab-span"> </span><span class="apple-converted-space"> </span>|---------------ou-group<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">|-------dc=domain1 (ACI that permits the administrators to manage their users) <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span class="apple-tab-span"> </span><span class="apple-converted-space"> </span>etc etc<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">So the nice thing about this is you have one database, one replication agreement but without writing proper ACIs there is a change that domain1 can have visibility into domain.<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">You can do <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">O=domain (All ACIs can go here)<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">|------------ou=people<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">O=domain1<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">|------------ou=poeple<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">The only thing I don't like about this method is, for each domain you add you will have to create a replication agreement but you can have separate memory allocations, pagesize per domain so it depends on your implementation and how its going to be used. <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">I hope this helps. <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">Dan<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">This will be the easiest way to manage it and administer it, if you require that each domain be an entirely separate directory with no visibility into other domains, you will want to read up on multiple databases, but this will make it an administrative hassle. For each database<o:p></o:p></div></div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">On Jul 18, 2013, at 6:22 PM,<span class="apple-converted-space"> </span><span lang="AR-SA" dir="RTL">تدريبك - دورات -شبكات - حاسبات<span class="apple-converted-space"> </span></span><span dir="LTR"></span><span dir="LTR"></span><<a href="mailto:hus.shabeeb@gmail.com" style="color: purple; text-decoration: underline; "><span style="color: purple; ">hus.shabeeb@gmail.com</span></a>> wrote:<o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><br><br><br><o:p></o:p></div></div><div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Dear<span class="apple-converted-space"> </span><span style="color: rgb(31, 73, 125); ">Dan</span><span class="apple-converted-space"> </span>,</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span dir="RTL"></span><span lang="AR-SA" dir="RTL" style="font-size: 10.5pt; font-family: Arial, sans-serif; "><span dir="RTL"></span> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Please read this :</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">we need to run multi domain ldap where each domain will have an admin group who can do everything and the user can change only passwords. We need to know how to write the ACL for such scenario. Each domain will be represented by O=domain and then we will have ou=people and we will have admin group under the groups. Each domain will have this structure.</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span dir="RTL"></span><span lang="AR-SA" dir="RTL" style="font-size: 10.5pt; font-family: Arial, sans-serif; "><span dir="RTL"></span> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Best regards ,</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Husam</span><o:p></o:p></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; text-align: right; direction: rtl; unicode-bidi: embed; "><span dir="RTL"></span><span lang="AR-SA" style="font-size: 10.5pt; font-family: Arial, sans-serif; "><span dir="RTL"></span> </span><span dir="LTR"><o:p></o:p></span></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><span lang="AR-SA" dir="RTL"><o:p></o:p></span></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span dir="LTR"></span><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><span dir="LTR"></span> </span><o:p></o:p></div></div><div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(181, 196, 223); padding: 3pt 0cm 0cm; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">From:</span></b><span class="apple-converted-space"><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "> </span></span><span style="font-size: 10pt; font-family: Tahoma, sans-serif; ">389-<a href="mailto:users-bounces@lists.fedoraproject.org" style="color: purple; text-decoration: underline; "><span style="color: purple; ">users-bounces@lists.fedoraproject.org</span></a><span class="apple-converted-space"> </span>[mailto:389-<a href="mailto:users-bounces@lists.fedoraproject.org" style="color: purple; text-decoration: underline; "><span style="color: purple; ">users-bounces@lists.fedoraproject.org</span></a>]<span class="apple-converted-space"> </span><b>On Behalf Of<span class="apple-converted-space"> </span></b>Dan Lavu<br><b>Sent:</b><span class="apple-converted-space"> </span>Thursday, July 18, 2013 3:31 AM<br><b>To:</b><span class="apple-converted-space"> </span>'General discussion list for the 389 Directory server project.'<br><b>Subject:</b><span class="apple-converted-space"> </span>Re: [389-users] Manual & help step by step</span><o:p></o:p></div></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">They are plenty of step by step instructions to do what you are trying to do. You can refer to the Red Hat documentation or the 389 documentation.</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><a href="http://directory.fedoraproject.org/wiki/Howto:SSL" style="color: purple; text-decoration: underline; "><span style="color: purple; ">http://directory.fedoraproject.org/wiki/Howto:SSL</span></a></span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Also it is normal for the CA certificate to show up in the server tab if you generated the CA certificate on the LDAP server, any certificate with the private key in the database will appear as a server certificate. For example when you export the CA and move it to a second server it will not show up in the server tab then.</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">In addition, when generating a CSR using the GUI (idm console) you must stick with it, because the CSR will create the key in the db. If you are pursuing the command line using certutil, you must convert the x509 certificates (three files usually, private, public and ca into pkcs12 format.</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Here is a link to understand and configure ACIs.</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "><a href="http://directory.fedoraproject.org/wiki/Howto:AccessControl" style="color: purple; text-decoration: underline; "><span style="color: purple; ">http://directory.fedoraproject.org/wiki/Howto:AccessControl</span></a></span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">I hope this helps.</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Dan</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span><o:p></o:p></div></div><div><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0cm 0cm; "><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><b><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">From:</span></b><span class="apple-converted-space"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> </span></span><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">389-<a href="mailto:users-bounces@lists.fedoraproject.org" style="color: purple; text-decoration: underline; "><span style="color: purple; ">users-bounces@lists.fedoraproject.org</span></a><span class="apple-converted-space"> </span>[mailto:389-<a href="mailto:users-bounces@lists.fedoraproject.org" style="color: purple; text-decoration: underline; "><span style="color: purple; ">users-bounces@lists.fedoraproject.org</span></a>]<span class="apple-converted-space"> </span><b>On Behalf Of<span class="apple-converted-space"> </span></b>?????? - ????? -????? - ??????<br><b>Sent:</b><span class="apple-converted-space"> </span>Wednesday, July 17, 2013 7:38 PM<br><b>To:</b><span class="apple-converted-space"> </span>389-<a href="mailto:users@lists.fedoraproject.org" style="color: purple; text-decoration: underline; "><span style="color: purple; ">users@lists.fedoraproject.org</span></a><br><b>Subject:</b><span class="apple-converted-space"> </span>[389-users] Manual & help step by step</span><o:p></o:p></div></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Dear friends,</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Anyone can help me ?</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">I have install the directory , on centos</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">I want to make certs and install it on the server</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">I have tried many ways but all not working , one way with p12 , when uploading the certificates it's both appear in the server tab even the CA .</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">The other way with openssl in this case I can't upload the certificate on server tab its only appear on the CA tab .</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Also I want some help setting Acyls</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Like I want to have many admins each one can control his group no access for the other groups</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> </span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Many thanks in advance .</span><o:p></o:p></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 13.5pt; font-family: Helvetica, sans-serif; ">--<br>389 users mailing list<br>389-<a href="mailto:users@lists.fedoraproject.org" style="color: purple; text-decoration: underline; "><span style="color: purple; ">users@lists.fedoraproject.org</span></a><br><a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" style="color: purple; text-decoration: underline; "><span style="color: purple; ">https://admin.fedoraproject.org/mailman/listinfo/389-users</span></a></span><o:p></o:p></div></div></div></div><div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "> <o:p></o:p></div></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><span style="font-size: 13.5pt; font-family: Helvetica, sans-serif; ">--<br>389 users mailing list<br>389-<a href="mailto:users@lists.fedoraproject.org" style="color: purple; text-decoration: underline; "><span style="color: purple; ">users@lists.fedoraproject.org</span></a><br><a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" style="color: purple; text-decoration: underline; "><span style="color: purple; ">https://admin.fedoraproject.org/mailman/listinfo/389-users</span></a><o:p></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></div></div></div>--<br>389 users mailing list<br>389-<a href="mailto:users@lists.fedoraproject.org" style="color: purple; text-decoration: underline; ">users@lists.fedoraproject.org</a><br><a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" style="color: purple; text-decoration: underline; ">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div></blockquote></div><br></body></html>