No im looking at this in a fairly agnostic way.....what I am looking for are 
real world scenarios that I can test potential LDAP type solutions against to 
determine the best for our needs....but you are right the sssd link in is a 
killer......

BUT

I have to prove to my management which solution is the best....I have an uphill 
struggle as they want to use AD but they also want all the bells and whistles, 
except they dont know what that means.....so I need to construct test cases 
where I can say here are (say) 5 cases, I want to get them to sign off on as 
what they want.....

So I need to use logic against their gut feel.....or I'll end up managing a 
pile of crap....

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Monday, 5 September 2011 9:29 p.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Test scenario

On Mon, September 5, 2011 00:08, Steven Jones wrote:
> Hi,
>
>
>> From evaluation purposes I am looking to write test cases to evaluate 
>> authentication products
>> so here is one I am thinking of.
>
>> From what I can see of IPA it would be fairly easy to implement centrally?
>>
>
> Lets say I have four users Linux users who are in AD...all on the same 
> server/workstation.
>
>
> How would (or is it possible) to set them up so user A can ssh to certain 
> remote servers (group
> A), but user B cannot get to the group A servers. At the same time user B can 
> get to Group B
> servers but A cannot.....In addition to that User C is an admin and he can 
> get to both groups A
> and B.....User D in the meantime cannot get to A or B groups.....but can ssh 
> out to the
> Internet......as can A, B and C.
>
>
> Does anyone have any others that are real world situations that I can use as 
> test cases?
>

I presume you're referring to your AD users after they've been sync'ed to a IPA 
instance...?

Use Host Based Group Access if the servers are running SSSD, or use old 
fashioned netgroups if
your servers does not run SSSD.

http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/configuring-host-access.html


Regards,
Siggi

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to