I wish to configure the IdM server so that the only user that can view user information via the ipa UI or the CLI is the admin - I am happy for users to be able to see their own information.
Is there a tutorial anywhere that explains how to do this?
Using RHEL 7.4, I have set up a replicating pair of IdM servers to manage the authentication within a system. Users of the system need only interact directly with IdM when resetting their password using the reset_password.html, but there is nothing preventing the user from logging in to the UI or accessing the CLI, where the transparent nature of the LDAP Directory Server means that they see not only their own personal information but also that of other users. This is a big problem for us as it contravenes our security protocol; no user should be able to see any information pertaining to another.