On 09/02/2014 09:34 PM, Chris Whittle wrote:
Ok Dmitri, I got it added using what you sent and the following links
https://git.fedorahosted.org/cgit/slapi-nis.git/tree/doc/sch-getting-started.txt
and
https://www.redhat.com/archives/freeipa-users/2009-August/msg00013.html
I think i'm 90% there with the caveat that I can't seem to see what
permissions I need to give a user to view my NIS "view". Right now
Directory Manager can see it but that is it.
Any ideas?
You got me :-)
I would defer to specialist in this area to solve this problem.
On Tue, Sep 2, 2014 at 9:00 AM, Chris Whittle <cwhi...@gmail.com
<mailto:cwhi...@gmail.com>> wrote:
Thanks Dimitri, before I get too far this rabbit hole (cause it
looks a little scary) let me make sure I get it.
So using Slap-NIS I should be able to create a view into FreeIPA
that would show only a subset of user based on something like a
group or an attribute?
Then using the built in MAC Directory Utility (or any LDAP client)
I should be able to use that Slap-NIS view as a searchbase and it
would return just people I wanted. This could be used keep anyone
outside that view from logging in?
I'm sorry for the noob questions but there isn't a lot of good
documentation on SlapNIS from first glance and I don't want to
spend 2 days figuring it out if it's not going to work.
As always extremely appreciated!
Whitt
On Tue, Sep 2, 2014 at 3:54 AM, Dmitri Pal <d...@redhat.com
<mailto:d...@redhat.com>> wrote:
On 09/02/2014 03:04 AM, Chris Whittle wrote:
I am trying to limit who can login to my macs and I'm having
to stick to what OSX will let me do.
Currently I can only limit users using the searchbase and
right now it's "cn=users,cn=accounts,dc=DOMAIN,dc=com"
This works fine unless I wanted to create a user that I
wanted in LDAP for other purposes but not to login.
So my questions are,
A)Can we create different OUs in FreeIPA like most LDAP servers?
You can use slapi-nis to create an alternative view of the
tree or trees and point your special client to that tree.
There you might be able to expose a small subset of users that
match your special criteria.
The slapi-nis and compat docs are in the doc folder in the
corresponding git repo.
IPA uses compat tree for its own purposes but you can tweak it
if you need or create a different view.
HTH
B)If not anyone have any idea on how I could do this with
OSX's directory Utility?
Thanks!
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
