While RTFM is always the best option, initially I struggled a lot to understand the ACI stuff :-), and I am no expert on that yet.

If you would like some examples: you could design it many ways. One way could be:

1. Create an organizational unit, say Service Team.
2. Create a Service_manager uid, or make any one of the Service Team members that.

If you have all Linux/Unix systems, then you could have a POSIX group called "ServiceTeam". The ACL will look like this:

aci: (target="ldap:///ou=Service Team,dc=example,dc=com")(version 3.0; acl "Support Manager"; allow (all) userdn="ldap:///uid=support_manager,ou=people,dc=example,dc=com";)

Basically, the aforesaid ACI states that if you log in as uid=support_manager, you have allow (all) access to the Service Team organizational unit.

I would recommend using the GUI and copy-pasting the ACI, because the GUI does not allow all kinds of ACIs.

Thanks,
Chandan

On Tuesday, March 12, 2013, Mark Reynolds wrote:

> Elizabeth,
>
> Please look at:
>
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Advanced_Entry_Management-Using_Roles.html
>
> Regards,
> Mark
>
> On 03/12/2013 10:46 AM, Elizabeth Jones wrote:
>
>> Can anyone point me towards any documentation or examples on creating and
>> using roles? I am hoping to set up a role for our service desk users so
>> they can add/delete users, but I need to have them login as themselves so
>> we can track them. I have an aci that I created that would allow them to
>> do this but I don't want to put the aci directly on specific user accounts
>> if I can avoid it.
>>
>> thanks -
>> Elizabeth J
>>
>> --
>> 389 users mailing list
>> 389-us...@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> Mark Reynolds
> Red Hat, Inc
> mreyno...@redhat.com

--
http://about.me/chandank
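
A checker for the ACI shape discussed in this thread, as an added example that is not part of the original messages or of 389 Directory Server. The function name `check_aci`, the checks it performs, the three sample ACIs (constructed from the one in the thread) and the role DN `cn=ServiceDesk` are all assumptions.

```python
import re

# Assumed shape: zero or more (keyword="value") target clauses followed by
# (version 3.0; acl "name"; allow|deny (rights) bind-rule;)
TARGET = re.compile(r'\(\s*target\w*\s*!?=\s*"[^"]*"\s*\)')
BODY = re.compile(r'\(\s*version\s+3\.0\s*;\s*acl\s+"([^"]*)"\s*;\s*'
                  r'(allow|deny)\s*\(([^)]*)\)\s*(.*?);\s*\)\s*$', re.S)
BIND = re.compile(r'(userdn|groupdn|roledn)\s*!?=\s*"([^"]*)"')


def check_aci(value):
    """Return a list of findings for one aci value; an empty list means clean."""
    findings = []
    if value.count("(") != value.count(")"):
        findings.append("unbalanced parentheses")
    if value.count('"') % 2:
        findings.append("unbalanced double quotes")
    if "ldaps:///" in value:
        findings.append("ldaps:/// used; ACI URLs are written ldap:///")
    body = BODY.search(value)
    if body is None:
        findings.append("no well-formed (version 3.0; acl ...;) clause")
        return findings
    if TARGET.sub("", value[:body.start()]).strip():
        findings.append("malformed target clause before version 3.0")
    name, kind, rights, rule = body.groups()
    if kind == "allow" and "all" in [r.strip() for r in rights.split(",")]:
        findings.append(f'acl "{name}" grants allow (all)')
    for keyword, url in BIND.findall(rule):
        if keyword == "userdn" and url.startswith("ldap:///uid="):
            findings.append(f"userdn names a single account: {url[8:]}")
    return findings


# Constructed samples based on the ACI in this thread.
MALFORMED = ('((target="ldaps:///ou=Service Team,dc=example,dc=com) version 3.0; '
             'acl "Support Manager"; allow (all) '
             'userdn="ldaps:///uid=support_manager,ou=people,dc=example,dc=come";)')
BROAD = ('(target="ldap:///ou=Service Team,dc=example,dc=com")(version 3.0; '
         'acl "Support Manager"; allow (all) '
         'userdn="ldap:///uid=support_manager,ou=people,dc=example,dc=com";)')
# Hypothetical role DN; rights limited to the add/delete the question asks for.
ROLE_BASED = ('(target="ldap:///ou=people,dc=example,dc=com")(version 3.0; '
              'acl "Service Desk"; allow (add, delete) '
              'roledn="ldap:///cn=ServiceDesk,dc=example,dc=com";)')

if __name__ == "__main__":
    for sample in (MALFORMED, BROAD, ROLE_BASED):
        print(check_aci(sample) or "clean")
```
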