On 12/16/2014 02:31 PM, Herb Burnswell wrote:
We are running the following versions on RHEL 6.6:
I'm not very experienced with the ldapsearch and would greatly
appreciate some guidance. I'd like to run some ldapsearch's that will
return access information for specific hosts. For example; I'd like
to return what users have access to 'host x' and what sudo rules are
available to these users.
This would be a pretty complex query.
For users you might want to explore HBAC test. That allows checking if a
specific user has access to a host.
I do not think there is something reverse meaning which users can access
There is an HBAC library used on the client or by the tool that helps to
collect all the data and do the evaluation.
May be calling it or its bindings would be more helpful.
For sudo I think we need to have a similar tool that would resolve what
commands a user can run on a given host.
I could not find a ticket. I thought there was one on the IPA side.
In the absence of these tools you would have to join several LDAP searches.
Any assistance is appreciated.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project