[Freeipa-users] Test scenario
Steven Jones
Steven.Jones at vuw.ac.nz
Mon Sep 5 21:15:30 UTC 2011
No im looking at this in a fairly agnostic way.....what I am looking for are real world scenarios that I can test potential LDAP type solutions against to determine the best for our needs....but you are right the sssd link in is a killer......
BUT
I have to prove to my management which solution is the best....I have an uphill struggle as they want to use AD but they also want all the bells and whistles, except they dont know what that means.....so I need to construct test cases where I can say here are (say) 5 cases, I want to get them to sign off on as what they want.....
So I need to use logic against their gut feel.....or I'll end up managing a pile of crap....
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Sigbjorn Lie [sigbjorn at nixtra.com]
Sent: Monday, 5 September 2011 9:29 p.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Test scenario
On Mon, September 5, 2011 00:08, Steven Jones wrote:
> Hi,
>
>
>> From evaluation purposes I am looking to write test cases to evaluate authentication products
>> so here is one I am thinking of.
>
>> From what I can see of IPA it would be fairly easy to implement centrally?
>>
>
> Lets say I have four users Linux users who are in AD...all on the same server/workstation.
>
>
> How would (or is it possible) to set them up so user A can ssh to certain remote servers (group
> A), but user B cannot get to the group A servers. At the same time user B can get to Group B
> servers but A cannot.....In addition to that User C is an admin and he can get to both groups A
> and B.....User D in the meantime cannot get to A or B groups.....but can ssh out to the
> Internet......as can A, B and C.
>
>
> Does anyone have any others that are real world situations that I can use as test cases?
>
I presume you're referring to your AD users after they've been sync'ed to a IPA instance...?
Use Host Based Group Access if the servers are running SSSD, or use old fashioned netgroups if
your servers does not run SSSD.
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/configuring-host-access.html
Regards,
Siggi
More information about the Freeipa-users
mailing list