On Apr 12, 2011, at 9:45 AM, JR Aquino wrote: > Add HBAC Rule and Sudo Rule to users as indirect member attributes to > simplify the auditing of users for their indirect membership to their > authorization rights. > > An Administrator should have the ability to quickly identify the rights a > user will have in the system. > > For example. With the patch added, my user show looks like this: > > # ipa user-show tester --all > dn: uid=builder,cn=users,cn=accounts,dc=example,dc=com > User login: tester > First name: Tester > Last name: Engineering > Full name: Tester Engineering > Display name: Tester Engineering > Initials: TE > Home directory: /home/tester > GECOS field: Tester Engineering > Login shell: /bin/sh > Kerberos principal: tes...@example.com > UID: 1829800388 > GID: 1829800388 > Account disabled: False > Member of groups: ipausers, auto-dev-deploy-tools, build-integration > ipauniqueid: 72fa22c6-6085-11e0-9629-0023aefe4ec0 > krbpwdpolicyreference: > cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com > memberofindirect_HBAC rule: development > memberofindirect_Sudo Rule: AUTO-dev-deploy-tools_DEPLOY, > AUTO-dev-deploy-tools_ZENOSS, build-integration > mepmanagedentry: cn=tester,cn=groups,cn=accounts,dc=example,dc=com > objectclass: top, person, organizationalperson, inetorgperson, inetuser, > posixaccount > > <freeipa-jraquino-0024-Add-sudorule-and-hbacrule-to-indirectmemberof-attrib.patch>_______________________________________________ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel
OPPS, forgot to have PATCH in the subject. _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
