No im looking at this in a fairly agnostic way.....what I am looking for are
real world scenarios that I can test potential LDAP type solutions against to
determine the best for our needs....but you are right the sssd link in is a
I have to prove to my management which solution is the best....I have an uphill
struggle as they want to use AD but they also want all the bells and whistles,
except they dont know what that means.....so I need to construct test cases
where I can say here are (say) 5 cases, I want to get them to sign off on as
what they want.....
So I need to use logic against their gut feel.....or I'll end up managing a
pile of crap....
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Sigbjorn Lie [sigbj...@nixtra.com]
Sent: Monday, 5 September 2011 9:29 p.m.
To: Steven Jones
Subject: Re: [Freeipa-users] Test scenario
On Mon, September 5, 2011 00:08, Steven Jones wrote:
>> From evaluation purposes I am looking to write test cases to evaluate
>> authentication products
>> so here is one I am thinking of.
>> From what I can see of IPA it would be fairly easy to implement centrally?
> Lets say I have four users Linux users who are in AD...all on the same
> How would (or is it possible) to set them up so user A can ssh to certain
> remote servers (group
> A), but user B cannot get to the group A servers. At the same time user B can
> get to Group B
> servers but A cannot.....In addition to that User C is an admin and he can
> get to both groups A
> and B.....User D in the meantime cannot get to A or B groups.....but can ssh
> out to the
> Internet......as can A, B and C.
> Does anyone have any others that are real world situations that I can use as
> test cases?
I presume you're referring to your AD users after they've been sync'ed to a IPA
Use Host Based Group Access if the servers are running SSSD, or use old
fashioned netgroups if
your servers does not run SSSD.
Freeipa-users mailing list