On 02/15/2013 10:31 PM, Dmitri Pal wrote:
On 02/15/2013 09:17 AM, Rodney L. Mercer wrote:

On Thu, 2013-02-14 at 21:44 +0100, Sigbjorn Lie wrote:
I agree with schema support being enough for now. I do not expect the
ipa mgmt tools to support Solaris rbac mgmt.

The ipa mgmt tools are great, but I already have other data in the ipa
ldap that I have to manage manually anyway.


Rob Crittenden <rcrit...@redhat.com> wrote:
         Dag Wieers wrote:
                 On Thu, 14 Feb 2013, Rob Crittenden wrote:

                         Sigbjorn Lie wrote:
                                 On 02/13/2013 04:10 PM, Rob Crittenden wrote:

                                                 Also since we also require 
compatibility with Solaris, and roles
                                                 is currently used on Solaris, 
does IPA support RBAC on Solar
                                                  is ?
                                                 noticed that RBAC mentioned in 
the IPA web interface only
                                 relates to > >  IPA
                                                 No, IPA doesn't support RBAC 
on Solaris.

                                 I've come across the same issue. This is just 
a matter of extending the

                                 Would there be any interest for adding the 
Solaris RBAC schema as a
                                 of the standard IPA distributed LDAP schemas?

Consider the following: What else would have to be put in to support
Once the schema is established, can SSSD be extended to use this and
potentially be referenced in nsswitch.conf as it is implemented on
Solaris? IE:
tail -5 /etc/nsswitch.conf
user_attr:  sssd
auth_attr:  sssd
prof_attr:  sssd
exec_attr:  sssd
project:    sssd

Before we define how it is passed/exposed it would nice to understand
who on Linux will be consuming it out of SSSD?

I don't think Linux would consume these attributes. They are specific to the Role Based Access Control solution implemented in Solaris.


Freeipa-users mailing list

Reply via email to