[Fedora-directory-users] Admin Server console question.

Chavez, James R. james.chavez at sanmina-sci.com
Sat Apr 11 19:35:34 UTC 2009


Andrey, thanks for the response.

Rich, is this something that can be accomplished in the current release?
Is there something that can be added similar to the aci shown for the
phpldapadmin functionality?
I would prefer not to use phpldapadmin or any other 3rd party tool if we
can grant limited access with the admin console.
 
I also agree with Andrey that this is a nice feature to have in future
releases if possible, definitely on my wish list!!
 
Thank you
James

________________________________

From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Andrey
Ivanov
Sent: Saturday, April 11, 2009 7:44 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Admin Server console question.


I think it is somehow linked to the ACIs on the "o=NetscapeRoot" tree.
If you allow all the authenticated users to read some of the subtrees of
"o=NetscapeRoot" you should have a better directory visibility in the
console for a "normal" user.

But it would be an interesting request for the future roadmap in order
to leverage the FDS console:

* adjust the ACIs in the o=NetscapeRoot branch to allow
non-administrative users to take advantage of the FDS console. Also, when
entering the DN during the console authentication, allow just the RDN
part - i.e. the possibility to put "john.doe" instead of
"uid=john.doe,ou=Engineering,dc=example,dc=com" in the console
authentication dialogue.




2009/4/11 Chavez, James R. <james.chavez at sanmina-sci.com>


	Hello,
	I am looking to use the Directory Server Admin Console similar to how
	the Active Directory Users and Computers tool is used.
	More specifically I would like to create an administrative group with
	permission to perform certain functions such as reset user passwords and
	change certain other attributes. I would like to login to the console
	with these users instead of Directory Manager or admin to limit the
	access and damage that can be done.
	
	I have created a group of users with full access to my suffix with
	ability to add and remove objects. I can do pretty much any operation
	with ldapmodify, ldapadd, ldapdelete from the command line.
	
	However I cannot login to the Directory server console with these users
	to admin the directory.
	If I login as Directory Manager to the admin console and then select
	"login as new user" I am able to login with the users, however the
	Directory is not visible. I do not have the correct access somewhere
	obviously.
	
	How can I configure FDS to allow these users to admin the directory in a
	limited role? I am assuming I need to set aci's in certain places to
	allow logging into the FDS admin server console.
	I am assuming this is possible. I am able to access with a third party
	tool but would like to use the FDS admin console.
	
	Thank you
	James
	
	



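An added example, not part of the thread or of the FDS project: a small audit check for the kinds of ACI discussed above, contrasting a "full access to my suffix" grant with one scoped to a password-reset role and with a read-only grant of the sort Andrey suggests for o=NetscapeRoot. All DNs, ACL names and the `telephoneNumber` attribute are hypothetical, the sample ACIs are constructed, and the parser only handles single-permission ACIs that carry a `targetattr` clause.

```python
import re

# Constructed sample ACIs in 389 DS / FDS syntax; DNs and names are hypothetical.
BROAD = ('(targetattr = "*")(version 3.0; acl "Admins full access"; '
         'allow (all) groupdn = "ldap:///cn=Dir Admins,ou=Groups,dc=example,dc=com";)')
SCOPED = ('(targetattr = "userPassword || telephoneNumber")'
          '(version 3.0; acl "Helpdesk reset"; allow (write) '
          'groupdn = "ldap:///cn=Helpdesk,ou=Groups,dc=example,dc=com";)')
CONSOLE_READ = ('(targetattr = "*")(version 3.0; acl "Console read"; '
                'allow (read, search, compare) userdn = "ldap:///all";)')

ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)'
    r'.*?acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<kind>allow|deny)\s*\((?P<rights>[^)]*)\)\s*'
    r'(?P<subject>userdn|groupdn|roledn)\s*=\s*"(?P<who>[^"]*)"',
    re.S | re.I)

READ_ONLY = {"read", "search", "compare"}

def parse_aci(aci):
    """Split one ACI value into attribute list, rights set and bind subject."""
    m = ACI_RE.search(aci)
    if not m:
        raise ValueError("unsupported ACI form: " + aci[:40])
    d = m.groupdict()
    d["attrs"] = [a.strip() for a in d["attrs"].split("||")]
    d["rights"] = {r.strip().lower() for r in d["rights"].split(",")}
    return d

def findings(aci):
    """Return reasons an allow-ACI is broader than a delegated, limited role."""
    a = parse_aci(aci)
    out = []
    if a["kind"].lower() != "allow":
        return out
    modifying = a["rights"] - READ_ONLY          # anything beyond read access
    wildcard = "*" in a["attrs"] or a["op"] == "!="
    if modifying and wildcard:
        out.append("modify rights on every attribute")
    if modifying and a["who"].lower() in ("ldap:///all", "ldap:///anyone"):
        out.append("modify rights for any user")
    if "all" in a["rights"]:
        out.append("'all' includes add and delete")
    return out

if __name__ == "__main__":
    for aci in (BROAD, SCOPED, CONSOLE_READ):
        print(parse_aci(aci)["name"], "->", findings(aci) or "ok")
```
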