Hi Rob,

thank you for this clarification, it’s highly appreciated.

Best regards,

Tom




From: Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Reply: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Date: 19 July 2017 at 20:57:18
To: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Cc: Thomas Handler <cdth@gmx.net>, Rob Crittenden <rcritten@redhat.com>
Subject:  [Freeipa-users] Re: Question regarding filtering of users seen by managing users

Thomas Handler via FreeIPA-users wrote:
> Dear all,
>
> I have installed FreeIPA and try to learn about the concepts.
>
> I’ve been looking around, reading documents that I found and searched
> but did not find any useful hints how to configure FreeIPA to solve my
> problem I describe below.
>
> Any hints will be greatly appreciated!
>
> I’m looking for a solution of the following:
>
> Given an organizationm let’s call it IT-Company. This organization has a
> couple of administrators which are repsonsible for maintaining users and
> hosts of the organization on FreeIPA. But IT-Company also has customers
> for whom it hosts some machines and some user accounts.
>
> Each of these customers should be able to manage their own users but
> they should not see users and hosts outside their scope.
>
> I found messages explaining the restrictions that inhibit users
> managing/changing anything outside their scope but I did not find
> anything showing how to filter the users/hosts shown to them.
>
> Can this be done with FreeIPA and if so how?
>

IPA doesn't support multi-tenancy so no, this isn't possible.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org