<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/16/2014 02:31 PM, Herb Burnswell
wrote:<br>
</div>
<blockquote
cite="mid:CAOuzmw4h0SUaduyppTmTMmiLVyTDeS5kXZ659g=L6zQdV7a+VQ@mail.gmail.com"
type="cite">
<div dir="ltr">All,
<div><br>
</div>
<div>We are running the following versions on RHEL 6.6:</div>
<div><br>
</div>
<div>ipa-server.x86_64 3.0.0-42.el6<br>
</div>
<div>389-ds.noarch 1.2.2-1.el6<br>
</div>
<div><br>
</div>
<div>I'm not very experienced with the ldapsearch and would
greatly appreciate some guidance. I'd like to run some
ldapsearch's that will return access information for specific
hosts. For example; I'd like to return what users have access
to 'host x' and what sudo rules are available to these users.</div>
<div><br>
</div>
</div>
</blockquote>
<br>
This would be a pretty complex query.<br>
<br>
For users you might want to explore HBAC test. That allows checking
if a specific user has access to a host.<br>
I do not think there is something reverse meaning which users can
access a host.<br>
<br>
There is an HBAC library used on the client or by the tool that
helps to collect all the data and do the evaluation.<br>
May be calling it or its bindings would be more helpful.<br>
<br>
For sudo I think we need to have a similar tool that would resolve
what commands a user can run on a given host.<br>
I could not find a ticket. I thought there was one on the IPA side.<br>
<br>
In the absence of these tools you would have to join several LDAP
searches.<br>
<br>
<blockquote
cite="mid:CAOuzmw4h0SUaduyppTmTMmiLVyTDeS5kXZ659g=L6zQdV7a+VQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Any assistance is appreciated.</div>
<div><br>
</div>
<div>TIA,</div>
<div><br>
</div>
<div>Herb</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>