Dear all,
I have installed FreeIPA and try to learn about the concepts.
I’ve been looking around, reading documents that I found and searched but did not find any useful hints how to configure FreeIPA to solve my problem I describe below.
Any hints will be greatly appreciated!
I’m looking for a solution of the following:
Given an organizationm let’s call it IT-Company. This organization has a couple of administrators which are repsonsible for maintaining users and hosts of the organization on FreeIPA. But IT-Company also has customers for whom it hosts some machines and some user accounts.
Each of these customers should be able to manage their own users but they should not see users and hosts outside their scope.
I found messages explaining the restrictions that inhibit users managing/changing anything outside their scope but I did not find anything showing how to filter the users/hosts shown to them.
Can this be done with FreeIPA and if so how?
Thank you for any hints,
best regards
Thomas
Thomas Handler via FreeIPA-users wrote:
Dear all,
I have installed FreeIPA and try to learn about the concepts.
I’ve been looking around, reading documents that I found and searched but did not find any useful hints how to configure FreeIPA to solve my problem I describe below.
Any hints will be greatly appreciated!
I’m looking for a solution of the following:
Given an organizationm let’s call it IT-Company. This organization has a couple of administrators which are repsonsible for maintaining users and hosts of the organization on FreeIPA. But IT-Company also has customers for whom it hosts some machines and some user accounts.
Each of these customers should be able to manage their own users but they should not see users and hosts outside their scope.
I found messages explaining the restrictions that inhibit users managing/changing anything outside their scope but I did not find anything showing how to filter the users/hosts shown to them.
Can this be done with FreeIPA and if so how?
IPA doesn't support multi-tenancy so no, this isn't possible.
rob
Hi Rob,
thank you for this clarification, it’s highly appreciated.
Best regards,
Tom
From: Rob Crittenden via FreeIPA-users freeipa-users@lists.fedorahosted.org Reply: FreeIPA users list freeipa-users@lists.fedorahosted.org Date: 19 July 2017 at 20:57:18 To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Thomas Handler cdth@gmx.net, Rob Crittenden rcritten@redhat.com Subject: [Freeipa-users] Re: Question regarding filtering of users seen by managing users
Thomas Handler via FreeIPA-users wrote:
Dear all,
I have installed FreeIPA and try to learn about the concepts.
I’ve been looking around, reading documents that I found and searched but did not find any useful hints how to configure FreeIPA to solve my problem I describe below.
Any hints will be greatly appreciated!
I’m looking for a solution of the following:
Given an organizationm let’s call it IT-Company. This organization has a couple of administrators which are repsonsible for maintaining users and hosts of the organization on FreeIPA. But IT-Company also has customers for whom it hosts some machines and some user accounts.
Each of these customers should be able to manage their own users but they should not see users and hosts outside their scope.
I found messages explaining the restrictions that inhibit users managing/changing anything outside their scope but I did not find anything showing how to filter the users/hosts shown to them.
Can this be done with FreeIPA and if so how?
IPA doesn't support multi-tenancy so no, this isn't possible.
rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
freeipa-users@lists.fedorahosted.org
-
Rob Crittenden -
Thomas Handler