Bug 479176 - Admin access to configuration partition
Admin access to configuration partition
Product: freeIPA
Classification: Community
Component: ipa-server (Show other bugs)
All Linux
low Severity medium
: v2 release
: ---
Assigned To: Rob Crittenden
Ben Levenson
Depends On:
Blocks: 431020
  Show dependency treegraph
Reported: 2009-01-07 14:02 EST by Simo Sorce
Modified: 2015-01-21 07:31 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-01-21 07:31:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Simo Sorce 2009-01-07 14:02:15 EST
With IPA 1.x access to the configuration partition is permitted only for "cn=Directory Manager", for some common operations like creating replicas or in future configuration changes to some of the plugins (like DNA) it would be better to let admin have select write access and read access to parts on cn=config

We should add proper ACIs during v2 timeframe.

This will also allow better access to these configuration changes from the web ui.
Comment 2 Rob Crittenden 2010-09-14 12:47:50 EDT
The delete and manage agreements can be done but new agreements can not be created yet.
Comment 3 Dmitri Pal 2011-10-06 11:12:54 EDT
Upstream ticket:
Comment 5 Martin Kosek 2015-01-21 07:31:12 EST
Thank you taking your time and submitting this request for FreeIPA in Fedora. Unfortunately, this bug was not given a priority and was deferred both in Fedora and in the upstream FreeIPA project.

Given that we are unable to fulfill this request in following Fedora releases, I am closing the Bugzilla as DEFERRED. To request re-consideration of this decision please reopen this Bugzilla and provide additional technical details about its importance to you.

Note that you can still track this request or even contribute patches in the referred upstream Trac ticket.

Note You need to log in before you can comment on or make changes to this bug.