Hello,
can someone please help me with that?
Thanks
________________________________
Hello All,
I would like to profile ACLs in order to let some users manage their own OU via Console. Example:
-OUone | USERone, USERtwo, USERthree
-OUtwo | USERfour, USERfive
-OUthree | USERsix, USERseven, USEReight
In every OU I have many users, but I would like to give console access to one user per OU and let them manage their own OU without listing or managing the other OUs.
USERone can add or remove users ONLY for OUone
USERfour can add or remove users ONLY for OUtwo
USERsix can add or remove users ONLY for OUthree
Thanks!!
Andrea
Hie
The ACIs below will help you achieve the same.

aci: (targetattr = "*") (target = "ldap:///ou=ouone,dc=example,dc=com") (version 3.0;acl "user_one";allow (all,proxy)(userdn = "ldap:///uid=userone,ou=People,dc=example,dc=com");)
aci: (targetattr = "*") (target = "ldap:///ou=outwo,dc=example,dc=com") (version 3.0;acl "user_four";allow (all)(userdn = "ldap:///uid=userfour,ou=People,dc=example,dc=com");)
aci: (targetattr = "*") (target = "ldap:///ou=outhree,dc=example,dc=com") (version 3.0;acl "user_six";allow (all)(userdn = "ldap:///uid=usersix,ou=People,dc=example,dc=com");)

It says
uid=userone,ou=People,dc=example,dc=com can write in ou=ouone,dc=example,dc=com &
uid=userfour,ou=People,dc=example,dc=com can write in ou=outwo,dc=example,dc=com &
uid=usersix,ou=People,dc=example,dc=com can write in ou=outhree,dc=example,dc=com

Example

# entry-id: 19
dn: uid=utest,ou=ouone,dc=example,dc=com
uid: utest
givenName: user
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: test
cn: user test
userPassword: {MD5}4nmK8Sp6D09wtNae+8JfTQ==
creatorsName: uid=userone,ou=people,dc=example,dc=com <---------- created as per ACI
modifiersName: uid=userone,ou=people,dc=example,dc=com
createTimestamp: 20120227201512Z
modifyTimestamp: 20120227201512Z
nsUniqueId: ad0ee181-617f11e1-bd04f4a7-338b5e96
Regards Arpit Tolani
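
An added example, not part of the original message or of 389 DS itself: a small Python check that parses the three ACIs above and answers which bind DN holds which right under which OU, so a delegation like this can be reviewed before it is loaded. It models only allow rules with a single target and userdn (no deny rules, no escaped commas in DNs), and the function names are hypothetical.

```python
import re

# The three ACIs from the reply above, with the mail line-wrap breaks repaired.
ACIS = [
    '(targetattr = "*") (target = "ldap:///ou=ouone,dc=example,dc=com") (version 3.0;acl "user_one";allow (all,proxy)(userdn = "ldap:///uid=userone,ou=People,dc=example,dc=com");)',
    '(targetattr = "*") (target = "ldap:///ou=outwo,dc=example,dc=com") (version 3.0;acl "user_four";allow (all)(userdn = "ldap:///uid=userfour,ou=People,dc=example,dc=com");)',
    '(targetattr = "*") (target = "ldap:///ou=outhree,dc=example,dc=com") (version 3.0;acl "user_six";allow (all)(userdn = "ldap:///uid=usersix,ou=People,dc=example,dc=com");)',
]
# In 389 DS the "all" keyword covers every right except proxy.
ALL_RIGHTS = {"read", "write", "add", "delete", "search", "compare", "selfwrite"}
ACI_RE = re.compile(
    r'\(target\s*=\s*"ldap:///(?P<target>[^"]+)"\).*?'
    r'acl\s+"(?P<name>[^"]+)"\s*;\s*allow\s*\((?P<rights>[^)]*)\)\s*'
    r'\(userdn\s*=\s*"ldap:///(?P<userdn>[^"]+)"\)',
    re.S)

def norm(dn):
    """Lower-case a DN and drop spaces around RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_aci(text):
    """Extract name, target subtree, bind DN and expanded rights from one ACI."""
    m = ACI_RE.search(text)
    if not m:
        raise ValueError("unsupported ACI syntax: " + text)
    rights = set()
    for r in m.group("rights").split(","):
        r = r.strip().lower()
        rights |= ALL_RIGHTS if r == "all" else {r}
    return {"name": m.group("name"), "target": norm(m.group("target")),
            "userdn": norm(m.group("userdn")), "rights": rights}

def in_subtree(entry_dn, base_dn):
    e, b = norm(entry_dn), norm(base_dn)
    return e == b or e.endswith("," + b)

def allowed(acis, bind_dn, right, entry_dn):
    """True if some allow rule grants `right` on entry_dn to bind_dn."""
    return any(a["userdn"] == norm(bind_dn) and right in a["rights"]
               and in_subtree(entry_dn, a["target"]) for a in map(parse_aci, acis))

def proxy_grants(acis):
    """Names of ACIs that also hand out the proxy right."""
    return [a["name"] for a in map(parse_aci, acis) if "proxy" in a["rights"]]
```

Run over the ACIs as posted, the check shows each user confined to its own OU, and also that only "user_one" carries the proxy right, a difference between the three rules worth confirming as intended.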
We have two instances of 389 that were installed with the setup-ds-admin.pl script, and they both have unique admin servers. Is there a way to manage them both with the same admin server? If so, how is this accomplished?
Thanks!
Josh
Hi
Basically you need to share the same admin database... so the admin database needs to be multi-mastered (well, strictly not, but could be). There was a wiki page on this but I could not find it.
So you use setup-ds-admin.pl for the first server and then for the second server you would use setup-ds.pl which you then use to register your instance against the existing admin db.
Regards
On 27 February 2012 16:39, Ellsworth, Josh <jellsworth@primaticsfinancial.com> wrote:
> We have two instances of 389 that were installed with the setup-ds-admin.pl script, and they both have unique admin servers. Is there a way to manage them both with the same admin server? If so, how is this accomplished?
> Thanks!
> Josh
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
The issue that I am having is that both are already set up. I need to change the associated admin server for one of them.
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Gerhardus Geldenhuis
Sent: Monday, February 27, 2012 11:50 AM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] managing 389 with a different admin server
The solution was to run setup-ds-admin.pl -u. That changed all the settings for me.
From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Ellsworth, Josh
Sent: Monday, February 27, 2012 11:52 AM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] managing 389 with a different admin server
I am trying to set up replication between 2 389 servers. The master is running the following packages:
389-admin.x86_64 1.1.16-1.el5 installed
389-admin-console.noarch 1.1.7-1.el5 installed
389-admin-console-doc.noarch 1.1.7-1.el5 installed
389-adminutil.x86_64 1.1.13-1.el5 installed
389-console.noarch 1.1.4-1.el5 installed
389-ds.noarch 1.2.1-1.el5 installed
389-ds-base.x86_64 1.2.8.3-1.el5 installed
389-ds-base-libs.x86_64 1.2.8.3-1.el5 installed
389-ds-console.noarch 1.2.5-1.el5 installed
389-ds-console-doc.noarch 1.2.5-1.el5 installed
389-dsgw.x86_64 1.1.6-1.el5 installed
The slave is a CentOS 6 box that has 1.2.9.2. I am getting the following error when I try to initialize:
import userRoot: WARNING: bad entry: ID xxx
Any idea how I can get around this?
On 03/01/2012 04:53 PM, Ellsworth, Josh wrote:
> The slave is a CentOS 6 box that has 1.2.9.2. I am getting the following error when I try to initialize:
> import userRoot: WARNING: bad entry: ID xxx
> Any idea how I can get around this?
Not sure, but try 389-ds-base 1.2.10.2 instead.
Thanks, and what about the Java Console? What I need is to deliver a procedure using the console and not via the command line.
Thanks a lot!
Hie
2012/2/27 Argentin Andrea Luigi a.argentin@reply.it
> Thanks, and what about the Java Console? What I need is to deliver a procedure using the console and not via the command line.
> Thanks a lot!
> On 27 Feb 2012, at 13:25, Arpit Tolani wrote:
This is for the Java console only. Once you have added the above ACI, log in using your user "uid=userone,ou=People,dc=example,dc=com" into the Java console.
- Go to the Users & groups tab.
- Click on the Create button situated at the bottom and select User.
- Select the OU in which you want to create the user and press OK.
- Give the user details and press OK.
That's it, your user is created. For how to add an ACI, check the link below.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/A...
Regards Arpit Tolani