Super Tony via FreeIPA-users wrote: > Hi, > > I have an IPA server running on RHEL 8.8. I added a subtree on top of my > domain - cn=Multicast,dc=example,dc=com, and I need to be able to query > anonymously for things that live underneath cn=Multicast, and give users that > belong to cn=x500,cn=groups,cn=accounts,dc=example,dc=com write access. > > I am able to add ACI the traditional way against dn: > cn=Multicast,dc=example,dc=com and make anonymous search plus write access > work if I add it via ldapadd, however, I am unable to make it work the way I > want it if I add the ACI via IPA Permissions from the IPA admin GUI. > > What am I missing here?
It's impossible to say without seeing what you've done. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue