Can anyone point me towards any documentation or examples on creating and using roles? I am hoping to set up a role for our service desk users so they can add/delete users, but I need to have them log in as themselves so we can track them. I have an aci that I created that would allow them to do this but I don't want to put the aci directly on specific user accounts if I can avoid it.
thanks - Elizabeth J
Elizabeth,
Please look at:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/...
Regards, Mark
On 03/12/2013 10:46 AM, Elizabeth Jones wrote:
Can anyone point me towards any documentation or examples on creating and using roles? I am hoping to set up a role for our service desk users so they can add/delete users, but I need to have them log in as themselves so we can track them. I have an aci that I created that would allow them to do this but I don't want to put the aci directly on specific user accounts if I can avoid it.
thanks - Elizabeth J
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
While RTFM is always the best option, I initially struggled a lot to understand ACI stuff :-), and I am no expert on that yet.
If you would like some examples, then:
You could design it many ways; one way could be:
1. Create an organizational unit, say Service Team.
2. Create a Service_manager uid, or make any one of the Service Team members that.
If you have all Linux/Unix systems, then you could have a POSIX group called "ServiceTeam".
The ACL will look like this:
aci: (target="ldaps:///ou=Service Team,dc=example,dc=com")(version 3.0; acl "Support Manager"; allow (all) userdn="ldaps:///uid=support_manager,ou=people,dc=example,dc=com";)
Basically, the aforesaid ACI states that if you log in as uid=support_manager, you have allow (all) access to the Service Team organizational unit.
I would recommend using the GUI and copy-pasting the ACI, because the GUI does not allow all kinds of ACIs.
Thanks, Chandan
On Tuesday, March 12, 2013, Mark Reynolds wrote:
Elizabeth,
Please look at:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management-Using_Roles.html
Regards, Mark
-- Mark Reynolds Red Hat, Inc mreynolds@redhat.com
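An added example, not part of any message in this thread: a role-based variant of the ACI discussed above, where the bind rule uses roledn so the ACI names a role rather than individual accounts and each service desk user still binds as themselves. The role name ServiceDesk, the user uid=jdoe and the ou=people placement are assumptions made for illustration.

```ldif
# Assumed layout: users live under ou=people,dc=example,dc=com.
# 1. Define a managed role; it applies to entries below its parent (ou=people).
dn: cn=ServiceDesk,ou=people,dc=example,dc=com
changetype: add
objectClass: top
objectClass: LDAPsubentry
objectClass: nsRoleDefinition
objectClass: nsSimpleRoleDefinition
objectClass: nsManagedRoleDefinition
cn: ServiceDesk
description: Service desk staff allowed to add and delete user entries

# 2. Put a (hypothetical) service desk user in the role.
#    Membership of a managed role is the nsRoleDN value on the user's entry.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: nsRoleDN
nsRoleDN: cn=ServiceDesk,ou=people,dc=example,dc=com

# 3. One ACI on the container, keyed on the role instead of on a user DN.
#    Grants only add and delete, not allow (all).
dn: ou=people,dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=people,dc=example,dc=com")(version 3.0; acl "Service desk add/delete users"; allow (add,delete) roledn="ldap:///cn=ServiceDesk,ou=people,dc=example,dc=com";)
```

Because each person binds with their own DN, the access log attributes every add and delete to that person. Write access to nsRoleDN should stay restricted to administrators, since anyone who can set it on their own entry can grant themselves the role.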