[389-users] Manual & help step by step

Thu Jul 18 22:22:58 UTC 2013

Dear Dan ,

Please read this :

we need to run multi domain ldap where each domain will have an admin group
who can do everything and the user can change only passwords. We need to
know how to write the ACL for such scenario. Each domain will be represented
by O=domain and then we will have ou=people and we will have admin group
under the groups. Each domain will have this structure.

Best regards ,

Husam 

From: 389-users-bounces at lists.fedoraproject.org
[mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of Dan Lavu
Sent: Thursday, July 18, 2013 3:31 AM
To: 'General discussion list for the 389 Directory server project.'
Subject: Re: [389-users] Manual & help step by step

They are plenty of step by step instructions to do what you are trying to
do. You can refer to the Red Hat documentation or the 389 documentation. 

http://directory.fedoraproject.org/wiki/Howto:SSL

Also it is normal for the CA certificate to show up in the server tab if you
generated the CA certificate on the LDAP server, any certificate with the
private key in the database will appear as a server certificate. For example
when you export the CA and move it to a second server it will not show up in
the server tab then.

In addition, when generating a CSR using the GUI (idm console) you must
stick with it, because the CSR will create the key in the db. If you are
pursuing the command line using certutil, you must convert the x509
certificates (three files usually, private, public and ca into pkcs12
format. 

Here is a link to understand and configure ACIs. 

http://directory.fedoraproject.org/wiki/Howto:AccessControl

I hope this helps.

Dan

From: 389-users-bounces at lists.fedoraproject.org
[mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of ?????? -
????? -????? - ??????
Sent: Wednesday, July 17, 2013 7:38 PM
To: 389-users at lists.fedoraproject.org
Subject: [389-users] Manual & help step by step

Dear friends,

Anyone can help me ?

I have install the directory , on centos 

I want to make certs and install it on the server 

I have tried many ways but all not working  , one way with p12 , when
uploading the certificates it's both appear in the server tab even the CA .

The other way with openssl  in this case I can't upload the certificate on
server tab its only appear on the CA tab .

Also I want some help setting Acyls 

Like I want to have many admins each one can control his group no access for
the other groups 

Many thanks in advance .

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130719/fd6ed400/attachment.html>