[389-users] Issue with 389

Rich Megginson rmeggins at redhat.com
Mon Mar 7 16:53:46 UTC 2011


On 03/07/2011 02:57 AM, Carsten Grzemba wrote:
>
> ----- Original Message -----
> From: Andrea Modesto Rossi<amrossi at linux.it>
> Date: Saturday, 5 March 2011, 13:39
> Subject: [389-users] Issue with 389
> To: 389-users at lists.fedoraproject.org
>
>> Dear all,
>>
>> I hope you can help me in order to set up my first 389 Server.
>>
>> My situation: fresh install of 389 (Fedora 14), installed the DS via
>> yum from the standard repos. Everything seems to work properly,
>> DNA as well.
>>
>> Basically I've got 2 problems and 1 question.
>>
>> First of all, I work with 389 console  ):
>>
>> 1) Adding a new group (e.g. administrator) I see that there is not the GID
>> attribute and I have to add it (by hand) every time (Advanced
>> properties ---> Object class ---> Add value ---> Posix Group);
>> it's very boring :-)
>> How can I fix this issue?
> If not already, there will be a new version which has a tab for editing posix group attributes.
Yes.  This is already in updates testing - see
http://directory.fedoraproject.org/wiki/Release_Notes - this feature was
added in Alpha 3.
>> In general, is it possible to modify the basic
>> DIT? Indeed I'd like to add much more information (manager,
>> company, ... and so on) for each new user in a fast way.
> The fastest way to modify LDAP is CLI (ldapmodify) ;-).
> To extend the GUI for more attributes is possible but less documented.
The console is not very extensible in this way.  If you are a Java
programmer, you could add additional fields/tabs for the schema you are
interested in.  For example, the recently added support for Posix Groups.
>> 2) I'm writing a Web interface able to manage user accounts
>> (e.g.: password). For some operations (reset pw) I need a Bind DN
>> user, right? Ok, please
>> could you help me write an ACL (principle of least privilege) for this
>> user? I don't like to use the Directory Manager (cn=directory
>> manager). My idea is to create a new user able to handle only his OU, and
>> nothing else!
> You can easily add an ACI on that OU node with the console:
> Set access permissions
>
> First you add a user who should get the permissions to manage the users, for example: uid=uhd,ou=people,dc=example,dc=com
>
> Choose the container which contains the users to manage and add the ACI there, for example:
> (targetattr = "userPassword")
> (version 3.0;
> acl "Permissions to manage user passwords";
> allow (all)
> (userdn = "ldap:///uid=uhd,ou=people,dc=example,dc=com");)
The DSGW has a user self service password change page - 
http://directory.fedoraproject.org/wiki/DSGW
>
>
>> 3) I have a PKI. Can I manage (store) users' keys (public and private)
>> directly through 389? If so, how? Could you point me in the right
>> direction?
> There is also a Fedora CA project.
>
>>
>>
>> Thank you very much.
>>
>> Have a nice weekend
>>
>> /AMR
>> -- 
>> Andrea Modesto Rossi
>> Fedora Ambassador
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
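
Added example, not part of the original message or of the 389 project's documentation: the ACI quoted in the thread, written out as a complete LDIF change that can be loaded with ldapmodify. It assumes the placeholder names used in the thread (uid=uhd under ou=people,dc=example,dc=com), uses a made-up acl name, and narrows allow (all) to allow (write), the right needed to replace userPassword.

```ldif
# Constructed example; the DNs are the placeholders used in the thread.
# The aci value below is one logical line, folded for readability:
# an LDIF continuation line starts with a single space, which the
# parser drops, so the second leading space is part of the value.
dn: ou=people,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "userPassword")(version 3.0;
  acl "uhd may reset passwords under ou=people";
  allow (write)
  userdn = "ldap:///uid=uhd,ou=people,dc=example,dc=com";)
```

An ACI applies to the entry it is stored on and to the subtree beneath it, so accounts that should stay outside uhd's reach belong in a container other than ou=people.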
