On Mon, Jul 25, 2016 at 02:13:49PM +0000, Stefan Uygur wrote:
> Hi everyone,
> I am using ipa-server-3.0.0-47.el6_7.2.x86_64 on my redhat 6 and I was 
> wondering if there is a way in IPA to list the users, with their group and 
> the hosts they can access along with sudo permissions.
> 
> This is for auditing purposes and IPA doesn't seem to have a functionality 
> that would help rather than performing manual commands to collect all this 
> data, which will require quite some time.
> 
> So I was wondering if anyone had similar needs and how they overcame this 
> issue (knowing that IPA doesn't have auditing part covered).

Not easy per host, but you can install ldbsearch and then check what
sudo rules are fetched by sssd for this host:
    # yum install ldb-tools
    # ldbsearch -H /var/lib/sss/db/cache_$domain.ldb -b cn=sysdb objectClass=sudoRule
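
For audit use, the LDIF that the ldbsearch command above prints can be condensed into one line per cached sudo rule. The script below is an added example, not part of the original message: `parse_rules` and `broad_rules` are hypothetical names, the attribute names are assumed from the standard sudoers LDAP schema, and the sample records are constructed.

```python
import base64
import sys

# Attribute names assumed from the standard sudoers LDAP schema.
FIELDS = ("sudoUser", "sudoHost", "sudoCommand", "sudoRunAsUser", "sudoOption")

# Constructed sample of ldbsearch output; not taken from a real host.
SAMPLE = """\
# record 1
dn: name=admins_all,cn=sudorules,cn=custom,cn=example.test,cn=sysdb
cn: admins_all
objectClass: sudoRule
sudoUser: %admins
sudoCommand: ALL

# record 2
dn: name=web_restart,cn=sudorules,cn=custom,cn=example.test,cn=sysdb
cn: web_restart
objectClass: sudoRule
sudoUser: alice
sudoHost: web01.example.test
sudoCommand:: L3NiaW4vc2VydmljZSBo
 dHRwZCByZXN0YXJ0
"""

def parse_rules(text):
    """Return one dict per sudoRule record found in ldbsearch LDIF output."""
    unfolded = text.replace("\n ", "")      # LDIF folding: "\n " continues a line
    rules = []
    for block in unfolded.split("\n\n"):    # records are separated by blank lines
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue                    # skip "# record N" style comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: ..." marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec.setdefault(attr.lower(), []).append(value.strip())
        if "sudorule" in (v.lower() for v in rec.get("objectclass", [])):
            rules.append(dict({f: sorted(rec.get(f.lower(), [])) for f in FIELDS},
                              cn=rec.get("cn", ["?"])[0]))
    return rules

def broad_rules(rules):
    """Names of rules granting ALL commands or applying to ALL users."""
    return [r["cn"] for r in rules if "ALL" in r["sudoCommand"] + r["sudoUser"]]

if __name__ == "__main__":
    found = parse_rules(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print(*found, "broad: %s" % broad_rules(found), sep="\n")
```

Piping the ldbsearch output into the script summarises that host's cached rules; run without piped input it prints the constructed sample.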
