As you can see in this thread I’m searching for a way to enable a “superuser” to create users but not messing up anything else:
it looks like everything works but using templates when creating users…
so adding every policy (but udm-all) to my custom Group won’t fix it…
but as soon as I add udm-all templates work… so there seems to be the need of a new policy for this…
cna someone give me a hint how I could create this (new policy like “udm-templates” myself?
Hey,
they desired policy can be created like this via CLI or, more appropriate, via a Join script:
univention-directory-manager settings/umc_operationset create \
--position "cn=operations,cn=UMC,cn=univention,$(ucr get ldap/base)" \
--set name=udm-usertemplates \
--set description="UDM - Usertemplates" \
--set flavor=settings/usertemplate \
--set operation="udm/*"
# for script usage
univention-directory-manager settings/umc_operationset create "$@" --ignore_exists \
--position "cn=operations,cn=UMC,cn=univention,$ldap_base" \
--set name=udm-usertemplates \
--set description="UDM - Usertemplates" \
--set flavor=settings/usertemplate \
--set operation="udm/*" || die
For the future: This is Bug #37927, additional info may be found there.
Best regards
Jan-Luca