Add HBAC Rule and Sudo Rule to users as indirect member attributes to simplify the auditing of users for their indirect membership to their authorization rights.
An Administrator should have the ability to quickly identify the rights a user will have in the system.

For example, with the patch added, my user show looks like this:

# ipa user-show tester --all
  dn: uid=builder,cn=users,cn=accounts,dc=example,dc=com
  User login: tester
  First name: Tester
  Last name: Engineering
  Full name: Tester Engineering
  Display name: Tester Engineering
  Initials: TE
  Home directory: /home/tester
  GECOS field: Tester Engineering
  Login shell: /bin/sh
  Kerberos principal: tes...@example.com
  UID: 1829800388
  GID: 1829800388
  Account disabled: False
  Member of groups: ipausers, auto-dev-deploy-tools, build-integration
  ipauniqueid: 72fa22c6-6085-11e0-9629-0023aefe4ec0
  krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
  memberofindirect_HBAC rule: development
  memberofindirect_Sudo Rule: AUTO-dev-deploy-tools_DEPLOY, AUTO-dev-deploy-tools_ZENOSS, build-integration
  mepmanagedentry: cn=tester,cn=groups,cn=accounts,dc=example,dc=com
  objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount
Description: freeipa-jraquino-0024-Add-sudorule-and-hbacrule-to-indirectmemberof-attrib.patch
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
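
An added example, not part of the original message or of the FreeIPA code base: one way an auditor could use the memberofindirect_* lines shown in the output above to compare a user's indirect HBAC and sudo rules against an approved baseline. The function names and the baseline are hypothetical, the sample text is constructed from the output in the message, and it assumes one "label: value" pair per line with rule names separated by commas.

```python
# Constructed sample, modelled on the `ipa user-show --all` output quoted above.
SAMPLE = """\
  User login: tester
  Member of groups: ipausers, auto-dev-deploy-tools, build-integration
  krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
  memberofindirect_HBAC rule: development
  memberofindirect_Sudo Rule: AUTO-dev-deploy-tools_DEPLOY, AUTO-dev-deploy-tools_ZENOSS, build-integration
"""

INDIRECT_PREFIX = "memberofindirect_"


def parse_user_show(text):
    """Turn 'label: value' lines into a dict; lines without ': ' are skipped."""
    entry = {}
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep:
            entry[label] = value
    return entry


def indirect_rights(entry):
    """Return {rule type: [rule names]} for every memberofindirect_* attribute."""
    rights = {}
    for label, value in entry.items():
        if label.startswith(INDIRECT_PREFIX):
            kind = label[len(INDIRECT_PREFIX):].lower()
            rights[kind] = [v.strip() for v in value.split(",") if v.strip()]
    return rights


def unexpected_rights(entry, approved):
    """Rules reached through indirect membership that the baseline does not list."""
    extra = {}
    for kind, rules in indirect_rights(entry).items():
        surplus = sorted(set(rules) - set(approved.get(kind, ())))
        if surplus:
            extra[kind] = surplus
    return extra


if __name__ == "__main__":
    # Hypothetical baseline: what this user is supposed to reach.
    baseline = {"hbac rule": ["development"], "sudo rule": ["build-integration"]}
    user = parse_user_show(SAMPLE)
    print(user["User login"], unexpected_rights(user, baseline))
```
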