Issue #5974: [RFE] A mechanism to do privileged operations on IPA server based on configuration in LDAP - freeipa

freeipa

#5974 [RFE] A mechanism to do privileged operations on IPA server based on configuration in LDAP

Opened 7 years ago by pvoborni. Modified 5 years ago

Various configuration tasks requires root or directory manager rights and therefore cannot be done from API.

Example:

installation of IPA server component: CA, KRA, ad-trust - #5953
restart of IPA service
configuration of compat tree
adjusting httpd configuration (redirects) and CRL config based on CRL master config

This ticket serves for collecting use cases or tickets(this one as blocking) which requires such feature.

During various discussions this was referred as privileged daemon which would observe some parts of LDAP tree and ,e.g., run various oddjob tasks based on the changes. But let's not force a specific implementation yet.

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

pvoborni commented 7 years ago

Another case: configuration of compat tree, #6882

Metadata Update from @pvoborni:
- Custom field blocking reset (from #5953)
- Issue close_status updated to: None

7 years ago

Metadata

Assignee

someone

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.5 backlog

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

todo

tester

None

changelog

None

design

None

freeipa

Source Code

#5974 [RFE] A mechanism to do privileged operations on IPA server based on configuration in LDAP Opened 7 years ago by pvoborni. Modified 5 years ago

Close issue as:

Metadata

#5974 [RFE] A mechanism to do privileged operations on IPA server based on configuration in LDAP

Opened 7 years ago by pvoborni. Modified 5 years ago