[Freeipa-devel] Add sudorule and hbacrule to indirectmemberof attributes of user.py
JR Aquino
JR.Aquino at citrix.com
Tue Apr 12 16:45:26 UTC 2011
Add HBAC Rule and Sudo Rule to users as indirect member attributes to simplify the auditing of users for their indirect membership to their authorization rights.
An Administrator should have the ability to quickly identify the rights a user will have in the system.
For example, with the patch added, my user show looks like this:
# ipa user-show tester --all
dn: uid=builder,cn=users,cn=accounts,dc=example,dc=com
User login: tester
First name: Tester
Last name: Engineering
Full name: Tester Engineering
Display name: Tester Engineering
Initials: TE
Home directory: /home/tester
GECOS field: Tester Engineering
Login shell: /bin/sh
Kerberos principal: tester@EXAMPLE.COM
UID: 1829800388
GID: 1829800388
Account disabled: False
Member of groups: ipausers, auto-dev-deploy-tools, build-integration
ipauniqueid: 72fa22c6-6085-11e0-9629-0023aefe4ec0
krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
memberofindirect_HBAC rule: development
memberofindirect_Sudo Rule: AUTO-dev-deploy-tools_DEPLOY, AUTO-dev-deploy-tools_ZENOSS, build-integration
mepmanagedentry: cn=tester,cn=groups,cn=accounts,dc=example,dc=com
objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0024-Add-sudorule-and-hbacrule-to-indirectmemberof-attrib.patch
Type: application/octet-stream
Size: 891 bytes
Desc: freeipa-jraquino-0024-Add-sudorule-and-hbacrule-to-indirectmemberof-attrib.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110412/283a1226/attachment.obj>
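
An added example, not part of the original message or of the attached patch: a small parser that pulls the indirect HBAC and sudo rule memberships out of `ipa user-show --all` text output for auditing. It assumes the `memberofindirect_<type>` label format shown in the message; the function names are hypothetical and the sample is a constructed subset of the output quoted above.

```python
# Added example: audit indirect rule membership from `ipa user-show --all` text.
import re

# Constructed sample: a subset of the output quoted in the message above.
SAMPLE = """\
  User login: tester
  Account disabled: False
  Member of groups: ipausers, auto-dev-deploy-tools, build-integration
  memberofindirect_HBAC rule: development
  memberofindirect_Sudo Rule: AUTO-dev-deploy-tools_DEPLOY, AUTO-dev-deploy-tools_ZENOSS, build-integration
  objectclass: top, person, organizationalperson
"""

# Assumption: indirect memberships are labelled "memberofindirect_<type>".
INDIRECT = re.compile(r"^memberofindirect_(.+)$", re.IGNORECASE)

def parse_user_show(text):
    """Return {label: value} for every 'label: value' line of the output."""
    entry = {}
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep:
            entry[label] = value.strip()
    return entry

def indirect_rules(entry):
    """Map rule type (lower-cased, e.g. 'sudo rule') to sorted rule names."""
    rules = {}
    for label, value in entry.items():
        m = INDIRECT.match(label)
        if m:
            names = [n.strip() for n in value.split(",") if n.strip()]
            rules[m.group(1).lower()] = sorted(names)
    return rules

def audit(text):
    """Summarise one user: login, disabled flag, indirect HBAC and sudo rules."""
    entry = parse_user_show(text)
    rules = indirect_rules(entry)
    return {
        "user": entry.get("User login"),
        "disabled": entry.get("Account disabled") == "True",
        "hbac": rules.get("hbac rule", []),
        "sudo": rules.get("sudo rule", []),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```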