Hi everyone,
I am wondering if there is a way to restrict a user that is purely for
binding an external application to only be able to search within a group
but enforced at the ipa server level.
For example, we use Odoo ERP; it has an LDAP module which we want to be
able to restrict the users that log in to the group, let's call it
"odoo-users" for example.
Now if I bind to a normal user or, heaven forbid, the admin user, it could
potentially source users that I don't want to have access. Odoo does
allow query filters like most LDAP implementations but it would be too
easy for someone to change the query filter for my liking.
I looked at permissions and feel this may be the way to go but from what
I can see the documentation is abandoned in favor of the RHEL handbook.
(We use Fedora 36 on VPSs).
Does anyone have any pointers on how I can securely implement this on
the server side to ensure that anyone else can't override the users
available on the external application?
_______________________________________________
FreeIPA-users mailing list -- [email protected]