Something declarative which can be version controlled and considered a "source of truth" and driven from configuration management (chef, puppet, ansible - whatever your flavor)
A scheme to reconcile account properties, group memberships, permissions, etc... I could see how this would be a slippery slope because of the depth of groupings/permissions/etc... but a version-controlled declarative user config gives a nice record for auditors (When did mike get an account, who granted access to him, when did he get access, what other access has he had over the last year... etc..)

~~ Pseudo declaration

ipa_user: mike
uid: mlosapio
first_name: mike
last_name: losapio

On Wed, Aug 3, 2016 at 1:56 PM, Martin Basti <[email protected]> wrote:
>
> On 01.08.2016 22:50, Mike LoSapio wrote:
>>
>> Hi there,
>>
>> Is there anyone out there with a good system for storing users,
>> groups, hosts, etc.. in some sort of version controlled repo w/ flat
>> files that could plug into "two-man" workflows for user-account
>> creation and privilege/group membership changes, etc.
>>
>> There's some github projects out there to help installing FreeIPA
>> server and a few to get clients up and running, but nothing (that I
>> could find) for the on-going management of FreeIPA resources.
>>
>> So in puppet world (just as an example) - I'd be looking for something
>> like a puppet-defined-type freeipa_user with all the attributes
>> required and more-importantly all the code-glue that puts it all
>> together...
>>
>> Figured I'd ask if there's anything already out there before
>> I re-invent the wheel.
>>
>> TIA,
>> --Mike
>>
> Hello,
>
> sorry but I don't understand what you exactly need, can you be more
> specific? Do you need a script that provision users?
>
> Martin
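
The reconcile step described in the message above, as an added example that is not part of the thread or of FreeIPA itself: it diffs a declared user set against the directory state and returns the `ipa` commands that close the gap. The `groups` field, the in-memory `ACTUAL` snapshot and all sample values are assumptions constructed for illustration.

```python
import shlex

# Declared state, as it would be parsed from version-controlled files.
# Field names follow the pseudo declaration in the message; "groups" is an
# assumed extension. All values are constructed sample data.
DECLARED = {
    "mlosapio": {"first_name": "mike", "last_name": "losapio", "groups": {"admins", "devs"}},
    "jdoe": {"first_name": "jane", "last_name": "doe", "groups": {"devs"}},
}

# Directory state, as a wrapper around `ipa user-show` might return it (constructed).
ACTUAL = {
    "mlosapio": {"first_name": "mike", "last_name": "losapio", "groups": {"devs", "dba"}},
    "olduser": {"first_name": "old", "last_name": "user", "groups": {"devs"}},
}

ATTR_FLAGS = {"first_name": "--first", "last_name": "--last"}


def plan(declared, actual):
    """Return the ipa commands (argv lists) that move `actual` to `declared`."""
    cmds = []
    for uid in sorted(declared):
        want, have = declared[uid], actual.get(uid)
        attrs = [f"{flag}={want[key]}" for key, flag in ATTR_FLAGS.items()
                 if have is None or have[key] != want[key]]
        if have is None:
            cmds.append(["ipa", "user-add", uid, *attrs])
        elif attrs:
            cmds.append(["ipa", "user-mod", uid, *attrs])
        have_groups = have["groups"] if have else set()
        for g in sorted(want["groups"] - have_groups):
            cmds.append(["ipa", "group-add-member", g, f"--users={uid}"])
        # Memberships not in the repo are drift: revoke them.
        for g in sorted(have_groups - want["groups"]):
            cmds.append(["ipa", "group-remove-member", g, f"--users={uid}"])
    # Accounts missing from the repo are disabled, not deleted, so the
    # directory entry stays available for audit.
    for uid in sorted(set(actual) - set(declared)):
        cmds.append(["ipa", "user-disable", uid])
    return cmds


if __name__ == "__main__":
    for argv in plan(DECLARED, ACTUAL):
        print(shlex.join(argv))  # dry run: print, never execute
```

FreeIPA adds new accounts to its default `ipausers` group, so a real snapshot would need that group either declared for every user or excluded from the membership diff.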
