[Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC
Sigbjorn Lie
sigbjorn at nixtra.com
Thu Feb 14 20:44:02 UTC 2013
I agree with schema support being enough for now. I do not expect the ipa mgmt tools to support Solaris rbac mgmt.
The ipa mgmt tools are great, but I already have other data in the ipa ldap that I have to manage manually anyway.
Rgds,
Siggi
Rob Crittenden <rcritten at redhat.com> wrote:
>Dag Wieers wrote:
>> On Thu, 14 Feb 2013, Rob Crittenden wrote:
>>
>>> Sigbjorn Lie wrote:
>>>> On 02/13/2013 04:10 PM, Rob Crittenden wrote:
>>>>
>>>> > > Also since we also require compatibility with Solaris, and
>roles
>>>> > > (RBAC)
>>>> > > is currently used on Solaris, does IPA support RBAC on Solaris
>?
>>>> (We
>>>> > > noticed that RBAC mentioned in the IPA web interface only
>>>> relates to > > IPA
>>>> > > management).
>>>> > > No, IPA doesn't support RBAC on Solaris.
>>>>
>>>> I've come across the same issue. This is just a matter of
>extending the
>>>> schema.
>>>>
>>>> Would there be any interest for adding the Solaris RBAC schema as
>a
>>>> part
>>>> of the standard IPA distributed LDAP schemas?
>>>
>>> Is the schema enough? Won't people want a way from IPA to manage the
>>> data too?
>>
>> Of course, integration in IPA is better, but having the schema
>> integrated is a good first step. Besides, integration in IPA probably
>> won't happen without RBAC support in Fedora/RHEL, right ?
>>
>
>Right, and it is a bit beyond our scope to create a compatible RBAC
>solution.
>
>rob
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130214/478e7050/attachment.htm>
More information about the Freeipa-users
mailing list