
Custom Attribute Permissions

Open hydrian opened this issue 2 years ago • 2 comments

The tutorial doesn't cover adding permissions to allow Nextcloud service account read access to the custom attributes.

hydrian avatar Feb 27 '23 16:02 hydrian

I think our FreeIPA doesn't have any ACLs that deny access to the service account we currently use, or it works because we use a "user" account.

In our case it's a regular user in the cn=users,cn=accounts,dc=example,dc=org DN. If you are using a "real" service account in the cn=sysaccounts,cn=etc,dc=example,dc=org DN, then it's indeed likely that you'll have to set up additional ACLs.

hairmare avatar Feb 28 '23 23:02 hairmare

I created a new objectClass and attribute. My service account was another user associated with certain groups / policies appropriate for service accounts. The service account user couldn't read the newly created attributes, but the admin accounts could. It may be a difference in FreeIPA 4.9. I started with 4.9 so I didn't have any grandfathering.

hydrian avatar Mar 02 '23 17:03 hydrian
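Both situations in the thread (a regular user account that cannot read the new attribute, and a "real" sysaccount under cn=sysaccounts,cn=etc) are covered by the added script below; it is an example written for this page, not code from the tutorial or from either commenter. The attribute name `nextcloudQuota`, the group `nextcloud-readers`, the sysaccount `uid=nextcloud` and the IPA server name are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the tutorial or the thread). Placeholders:
#   ATTR          -> the custom attribute (hypothetical: nextcloudQuota)
#   SVC_GROUP     -> a group containing the Nextcloud service *user*
#   SYSACCOUNT_DN -> a "real" service account under cn=sysaccounts,cn=etc
BASE_DN="dc=example,dc=org"
IPA_SERVER="${IPA_SERVER:-ipa.example.org}"
ATTR="${ATTR:-nextcloudQuota}"
SVC_GROUP="${SVC_GROUP:-nextcloud-readers}"
SYSACCOUNT_DN="${SYSACCOUNT_DN:-uid=nextcloud,cn=sysaccounts,cn=etc,$BASE_DN}"

# Route 1: the service account is a regular user (hairmare's setup).
# Grant read on just the one attribute through FreeIPA's
# permission -> privilege -> role chain, so it shows up in the Web UI.
grant_via_ipa() {
  ipa permission-add "Read $ATTR" --type=user \
      --right=read --right=search --right=compare --attrs="$ATTR"
  ipa privilege-add "Nextcloud custom attribute readers"
  ipa privilege-add-permission "Nextcloud custom attribute readers" \
      --permissions="Read $ATTR"
  ipa role-add "Nextcloud service" --desc="Read-only access to $ATTR"
  ipa role-add-privilege "Nextcloud service" \
      --privileges="Nextcloud custom attribute readers"
  ipa role-add-member "Nextcloud service" --groups="$SVC_GROUP"
}

# Route 2: a sysaccount cannot be a role member, so add a 389-ds ACI
# directly. Scope: read/search/compare on one attribute, users subtree only.
aci_ldif() {
  printf '%s\n' \
    "dn: cn=users,cn=accounts,$BASE_DN" \
    "changetype: modify" \
    "add: aci" \
    "aci: (targetattr = \"$ATTR\")(version 3.0; acl \"Nextcloud sysaccount reads $ATTR\"; allow (read, search, compare) userdn = \"ldap:///$SYSACCOUNT_DN\";)"
}

grant_via_aci() {
  # Needs an admin Kerberos ticket (kinit admin) on or against the IPA server.
  aci_ldif | ldapmodify -Y GSSAPI -H "ldap://$IPA_SERVER"
}

# Verify as the service account: the attribute should now be returned.
check_read() {
  ldapsearch -x -H "ldap://$IPA_SERVER" -D "$1" -W \
      -b "cn=users,cn=accounts,$BASE_DN" "(uid=$2)" "$ATTR"
}

case "${1:-}" in
  ipa)  grant_via_ipa ;;
  aci)  grant_via_aci ;;
  show) aci_ldif ;;
esac
```

Run `sh script.sh show` to print the ACI before applying it, then `check_read "<bind DN>" <uid>` to confirm the service account can see the attribute on a test user.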