Bug 978086 - RFE: manage system accounts (bind accounts) in the FreeIPA CLI and web UI
RFE: manage system accounts (bind accounts) in the FreeIPA CLI and web UI
Status: NEW
Product: Fedora
Classification: Fedora
Component: freeipa (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Rob Crittenden
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-25 20:22 EDT by David Jaša
Modified: 2016-12-14 15:24 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Jaša 2013-06-25 20:22:06 EDT
Description of problem:
Look at these howtos:
http://www.freeipa.org/page/Zimbra_Collaboration_Server_7.2_Authentication_and_GAL_lookups_against_FreeIPA#Prerequisite:
http://www.freeipa.org/page/EJabberd_Integration_with_FreeIPA_using_LDAP_Group_memberships#Create_Bind_account_in_FreeIPA
They both describe system account creation in the manual way, which means that the step is needlesly error-prone, and any subsequent operation (user modification, password change, ..., user deletion) needs to be done using low-level ldap tools as well.

FreeIPA should have these options integrated in the CLI and web UI to prevent errors and behave consistently.

The integration of management of these accounts would make more RFEs self-evident, such as:
  * configuration of other means of authentication for these bind accounts such as using client certificates
  * make it possible to delegate these users management to some user/group

Version-Release number of selected component (if applicable):
3.2.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Martin Kosek 2013-06-26 04:29:18 EDT
Right, this is a reasonable RFE. I will link it with a current upstream ticket that was filed in the past for this.
Comment 2 Martin Kosek 2013-06-26 04:29:57 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2801
Comment 3 Ian Tewksbury 2016-12-14 15:24:09 EST
+1 for this.

Note You need to log in before you can comment on or make changes to this bug.