All,
Here is the goal I am trying to accomplish:
I am trying to create an administrative user that has access to the 389 Management Console
that has access to a single OU and can only modify objects within that OU. This user
should not be able to modify anything outside of this OU, nothing in netscaperoot, nothing
under schema, monitor or Config, and shouldn't be able to do anything on the
Configuration or Tasks tab.
If this is not possible then that's fine, I just need to know either way, so far I
have been messing with ACIs and targetfilters etc... trying to get something working and
I'm not having much success, any help with this is greatly appreciated.
Regards,
Daniel Bright
Show replies by date
It's definitely possible, you have to create a user in
ou=adminstrators,ou=topologymanagement,o=Netscaperoot, an "Admin" user. I
use this in quotes because you will then create the ACIs to limit that user
to read / write on the OU you want him to only have access to.
Just make sure you don't add him to config adminstrators or anything like
that.
From: 389-users-bounces(a)lists.fedoraproject.org
[mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Bright,
Daniel
Sent: Friday, August 16, 2013 10:35 AM
To: 389-users(a)lists.fedoraproject.org
Subject: [389-users] Need help setting up additional 389 Management Console
Users/Admins
All,
Here is the goal I am trying to accomplish:
I am trying to create an administrative user that has access to the 389
Management Console that has access to a single OU and can only modify
objects within that OU. This user should not be able to modify anything
outside of this OU, nothing in netscaperoot, nothing under schema, monitor
or Config, and shouldn't be able to do anything on the Configuration or
Tasks tab.
If this is not possible then that's fine, I just need to know either way, so
far I have been messing with ACIs and targetfilters etc... trying to get
something working and I'm not having much success, any help with this is
greatly appreciated.
Regards,
Daniel Bright