On 12/17/2014 01:05 PM, Herb Burnswell wrote:
Dimitry,

Thank you for your response. I don't necessarily need to do everything in a single query. I'm just interested in understanding how to output the information I need and I can adjust the queries accordingly, i.e. where is the information saved: cn=sudoers, where sudo info is saved, etc.

For example: does anyone know how I can do an ldapsearch to output all the sudo rules in the format we would see in the /etc/sudoers file? I have to imagine that the rules are just saved in the database to allow for sudo on the local systems to read.

Hi,

There is internal schema and external schema. The external one is visible via ou=sudoers,...


The overall design of SUDO support is here:
http://www.freeipa.org/page/FreeIPAv2:SUDO_integration_plans
The schema design is here: http://www.freeipa.org/page/FreeIPAv2:SUDO_Schema_Design


The slides are here: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf



Thanks,

Herb

On Tue, Dec 16, 2014 at 11:31 AM, Herb Burnswell <herbert.burnsw...@gmail.com> wrote:

    All,

    We are running the following versions on RHEL 6.6:

    ipa-server.x86_64   3.0.0-42.el6
    389-ds.noarch        1.2.2-1.el6

    I'm not very experienced with ldapsearch and would greatly
    appreciate some guidance.  I'd like to run some ldapsearches that
    will return access information for specific hosts.  For example,
    I'd like to return what users have access to 'host x' and what
    sudo rules are available to these users.

    Any assistance is appreciated.

    TIA,

    Herb





--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
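
The question in this thread, rendering the sudo rules stored under ou=sudoers as /etc/sudoers-style lines, can be sketched as follows; this is an added example, not code from the thread or from the FreeIPA project. It assumes LDIF output from an ldapsearch for objectClass=sudoRole using the standard sudoRole attributes (sudoUser, sudoHost, sudoCommand, sudoRunAsUser, sudoOption); the dc=example,dc=com suffix, the sample entries and the function names are made up for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (ldapsearch -LLL style); all DNs and names are made up.
SAMPLE_LDIF = """\
dn: cn=web-admins,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
sudoUser: %webadmins
sudoHost: web01.example.com
sudoCommand: !/bin/su
sudoCommand: /sbin/service httpd restart
sudoOption: !authenticate

dn: cn=dba-dump,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
sudoUser: alice
sudoUser:: Ym9i
sudoHost: ALL
sudoRunAsUser: postgres
sudoCommand: /usr/bin/pg_dump --sche
 ma-only
"""

def parse_ldif(text):
    """Return one {lowercased attr: [values]} dict per LDIF entry."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # undo line folding
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry[attr.lower()].append(rest.strip())
        entries.append(entry)
    return entries

def to_sudoers(entry):
    """Render a sudoRole entry as an approximate sudoers line (no escaping)."""
    spec = f"({', '.join(entry['sudorunasuser'])}) " if entry["sudorunasuser"] else ""
    tag = "NOPASSWD: " if "!authenticate" in entry["sudooption"] else ""
    # LDAP gives negated commands precedence; sudoers is last-match-wins.
    cmds = sorted(entry["sudocommand"], key=lambda c: c.startswith("!"))
    return (f"{', '.join(entry['sudouser'])} {', '.join(entry['sudohost'])}"
            f" = {spec}{tag}{', '.join(cmds)}")

def render(text):
    return [to_sudoers(e) for e in parse_ldif(text) if "sudoRole" in e["objectclass"]]

print("\n".join(render(SAMPLE_LDIF)))
```

Only the `!authenticate` option is mapped (to `NOPASSWD:`); other sudoOption values have no per-rule sudoers equivalent and are dropped, so compare the output against the LDAP entries before relying on it for an access review.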
