[Freeipa-devel] [PATCH] 24 Add sudorule and hbacrule to indirectmemberof attributes of user.py
JR Aquino
JR.Aquino at citrix.com
Tue Apr 12 16:56:09 UTC 2011
On Apr 12, 2011, at 9:45 AM, JR Aquino wrote:
> Add HBAC Rule and Sudo Rule to users as indirect member attributes to simplify the auditing of users for their indirect membership to their authorization rights.
>
> An Administrator should have the ability to quickly identify the rights a user will have in the system.
>
> For example, with the patch added, my user show looks like this:
>
> # ipa user-show tester --all
> dn: uid=builder,cn=users,cn=accounts,dc=example,dc=com
> User login: tester
> First name: Tester
> Last name: Engineering
> Full name: Tester Engineering
> Display name: Tester Engineering
> Initials: TE
> Home directory: /home/tester
> GECOS field: Tester Engineering
> Login shell: /bin/sh
> Kerberos principal: tester@EXAMPLE.COM
> UID: 1829800388
> GID: 1829800388
> Account disabled: False
> Member of groups: ipausers, auto-dev-deploy-tools, build-integration
> ipauniqueid: 72fa22c6-6085-11e0-9629-0023aefe4ec0
> krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
> memberofindirect_HBAC rule: development
> memberofindirect_Sudo Rule: AUTO-dev-deploy-tools_DEPLOY, AUTO-dev-deploy-tools_ZENOSS, build-integration
> mepmanagedentry: cn=tester,cn=groups,cn=accounts,dc=example,dc=com
> objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount
>
> <freeipa-jraquino-0024-Add-sudorule-and-hbacrule-to-indirectmemberof-attrib.patch>
Oops, forgot to have PATCH in the subject.