On Thu, Jul 11, 2013 at 5:19 PM, Dmitri Pal <d...@redhat.com> wrote:

> I am not good with ldap syntax but SQL natural for me so conceptually the
> search would look like this:
I don't think it's humanly possible to be good at ldap syntax.

> I hope it conveys what I have in mind. The result of such search would be
> a list of group members that have access to the host.
> This is pretty close to what you have done except it covers nested groups
> too and uses HBAC rules.
I haven't had any luck with nested groups at all anyway, so I avoid using
them.  I may give this idea some more thought.  Thanks.

> Private. I made a typo. It should have been V :-)
Ah, ok. :)
The government is going to read our mail anyway, might as well make it
tough for them.  GPG Public key ID:  B6A1A7C6
Freeipa-users mailing list

Reply via email to