Hi Pierre,
One solution is to add an user then add an aci in dn=example,dn=com to allow this user to add entries. Something like:
aci: (targetattr = "*")(version 3.0; aci "user access for xxx script; allow(
all) userdn="ldap:///uid=someone,ou=people,dc=exmaple,dc=people";)
all) userdn="ldap:///uid=someone,ou=people,dc=exmaple,dc=people";)
For more details, see the aci documentation:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control.
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control.
Regards,
Pierre Rogier
On Fri, Sep 9, 2022 at 3:52 PM Pierre Girard <pierre.girard@gerad.ca> wrote:
_______________________________________________Hello,
I looked around and so far I didn't find information on how to add an additional directory manager account.
Or maybe there's a way to create an account that can add entries to dn=example,dn=com, since that would be more limited.
The goal is to have an account that will be different for scripts that we'll be writing to add information in the server.
Any guide on how to do that?
Thanks.
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
389 Directory Server Development Team
389 Directory Server Development Team
No comments:
Post a Comment