[Fedora-directory-users] Admin Server console question.

Andrey Ivanov andrey.ivanov at polytechnique.fr
Sat Apr 11 14:44:08 UTC 2009 

I think it is somehow linked to the ACIs on the "o=NetscapeRoot" tree. If
you allow to all the authentified users read some of the subtrees of
o=NetscapeRoot" you should have a better directory visibility in the console
for a "normal" user.

But it would be an interesting request for the future roadmap in order to
leverage the FDS console:

* adjust the ACIs in the o=NetscapeRoot branch to allow non-administrative
users take advantage of the FDS console. Also when entering the DN during
the console authentification  allow just the RDN part - i.e. the possibility
to put "john.doe" instead of "uid=john.doe,ou=Engineering,dc=example,dc=com"
in the console authentification dialogue.



2009/4/11 Chavez, James R. <james.chavez at sanmina-sci.com>

> Hello,
> I am looking to use the Directory Server Admin Console similar to how
> the Active Directory user's and Computers tool is used.
> More specifically I would like to create an administrative group with
> permission to perform certain functions such as reset user passwords and
> change certain other attributes. I would like to login to the console
> with these users instead of Directory Manager or admin to limit the
> access and damage that can be done.
>
> I have created a group of users with full access to my suffix with
> ability to add and remove objects. I can do pretty much any operation
> with ldapmodify, ldapadd, ldapdelete from the command line.
>
> However I cannot login to the Directory server console with these users
> to admin the directory.
> If I login as Directory Manager to the admin console and then select
> "login as new user" I am able to login with the users, however the
> Directory is not visible. I do not have the correct access somewhere
> obviously.
>
> How can I configure FDS to allow these users to admin the directory in a
> limited role? I am assuming I need to set aci's in certain places to
> allow logging into the FDS admin server console .
> I am assuming this is possible. I am able to access with a third party
> tool but would like to use the FDS admin console.
>
> Thank you
> James
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090411/70461319/attachment.htm>

More information about the Fedora-directory-users mailing list