On 12/16/2014 02:31 PM, Herb Burnswell wrote:

We are running the following versions on RHEL 6.6:

ipa-server.x86_64   3.0.0-42.el6
389-ds.noarch        1.2.2-1.el6

I'm not very experienced with ldapsearch and would greatly appreciate some guidance. I'd like to run some ldapsearches that will return access information for specific hosts. For example, I'd like to return what users have access to 'host x' and what sudo rules are available to these users.

This would be a pretty complex query.

For users you might want to explore HBAC test. That allows checking if a specific user has access to a host. I do not think there is something in reverse, meaning which users can access a host.

There is an HBAC library used on the client or by the tool that helps to collect all the data and do the evaluation. Maybe calling it or its bindings would be more helpful.

For sudo I think we need to have a similar tool that would resolve what commands a user can run on a given host.
I could not find a ticket. I thought there was one on the IPA side.

In the absence of these tools you would have to join several LDAP searches.

Any assistance is appreciated.



Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
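
The join of several LDAP searches mentioned in the reply, as an added example that is not part of the original message and not FreeIPA's own code: it evaluates constructed HBAC and sudo rule entries offline to list who can reach one host. The DNs and rule names are made up; it assumes memberOf already lists nested groups and ignores HBAC services, external hosts and sudo command details.

```python
# Added example: constructed entries shaped like ldapsearch results (not real data).
ACC = "cn=accounts,dc=example,dc=test"
HOSTX = f"fqdn=hostx.example.test,cn=computers,{ACC}"
ALICE = f"uid=alice,cn=users,{ACC}"
BOB = f"uid=bob,cn=users,{ACC}"
ADMINS = f"cn=admins,cn=groups,{ACC}"
WEB = f"cn=webservers,cn=hostgroups,{ACC}"

# Search 1: the host and the users, with memberOf (assumed to list nested groups too).
HOSTS = {HOSTX: {"memberof": [WEB]}}
USERS = {ALICE: {"memberof": [ADMINS]}, BOB: {"memberof": []}}
# Search 2: (objectClass=ipaHBACRule) entries.
HBAC_RULES = [
    {"cn": "web-admins", "ipaenabledflag": "TRUE",
     "memberuser": [ADMINS], "memberhost": [WEB]},
    {"cn": "retired-allow-all", "ipaenabledflag": "FALSE",
     "usercategory": "all", "hostcategory": "all"},
]
# Search 3: (objectClass=ipaSudoRule) entries.
SUDO_RULES = [
    {"cn": "restart-httpd", "ipaenabledflag": "TRUE",
     "usercategory": "all", "memberhost": [HOSTX]},
]

def _matches(rule, category, member, dn, entry):
    """Rule covers dn if its category is 'all' or it names dn or one of dn's groups."""
    if rule.get(category, "").lower() == "all":
        return True
    identities = {dn.lower()} | {g.lower() for g in entry.get("memberof", [])}
    return any(m.lower() in identities for m in rule.get(member, []))

def applicable(rules, host_dn, user_dn):
    """Names of enabled rules that cover both the host and the user."""
    return [r["cn"] for r in rules
            if r.get("ipaenabledflag", "").upper() == "TRUE"
            and _matches(r, "hostcategory", "memberhost", host_dn, HOSTS[host_dn])
            and _matches(r, "usercategory", "memberuser", user_dn, USERS[user_dn])]

def access_report(host_dn):
    """Users with an HBAC allow rule on host_dn, and the sudo rules that apply to them."""
    report = {}
    for user_dn in USERS:
        hbac = applicable(HBAC_RULES, host_dn, user_dn)
        if hbac:  # sudo rules are irrelevant to a user who cannot log in
            report[user_dn] = {"hbac": hbac,
                               "sudo": applicable(SUDO_RULES, host_dn, user_dn)}
    return report

if __name__ == "__main__":
    print(access_report(HOSTX))
```

The disabled allow-all rule and the sudo rule that matches a user without HBAC access are the two cases an access review most often gets wrong when the searches are read separately.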
