On 15.4.2013 15:39, Rob Crittenden wrote:
> There is no easy way to do this. We start with granting all authenticated
> users read access to the tree with the exception of certain attributes (like
> passwords).
>
> You'd have to start by removing that, then one by one granting read access to
> the various containers based on, well, something.

Would it be possible to create a new role to allow current 'read-all access' and add this role to all users by default?

It could be much simpler to change the behaviour with this role, or not? :-)

--
Petr Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users