[Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC
Sigbjorn Lie
sigbjorn at nixtra.com
Sat Feb 16 11:29:28 UTC 2013
On 02/15/2013 10:31 PM, Dmitri Pal wrote:
> On 02/15/2013 09:17 AM, Rodney L. Mercer wrote:
>>
>> On Thu, 2013-02-14 at 21:44 +0100, Sigbjorn Lie wrote:
>>> I agree with schema support being enough for now. I do not expect the
>>> ipa mgmt tools to support Solaris rbac mgmt.
>>>
>>> The ipa mgmt tools are great, but I already have other data in the ipa
>>> ldap that I have to manage manually anyway.
>>>
>>>
>>>
>>> Rgds,
>>> Siggi
>>>
>>>
>>>
>>> Rob Crittenden <rcritten at redhat.com> wrote:
>>> Dag Wieers wrote:
>>> On Thu, 14 Feb 2013, Rob Crittenden wrote:
>>>
>>> Sigbjorn Lie wrote:
>>> On 02/13/2013 04:10 PM, Rob Crittenden wrote:
>>>
>>> Also since we also require compatibility with Solaris, and roles
>>> (RBAC) is currently used on Solaris, does IPA support RBAC on
>>> Solaris? (We noticed that RBAC mentioned in the IPA web interface
>>> only relates to IPA management).
>>> No, IPA doesn't support RBAC on Solaris.
>>>
>>> I've come across the same issue. This is just a matter of extending the
>>> schema.
>>>
>>> Would there be any interest for adding the Solaris RBAC schema as a
>>> part of the standard IPA distributed LDAP schemas?
>>
>> Consider the following: What else would have to be put in to support
>> this?
>> Once the schema is established, can SSSD be extended to use this and
>> potentially be referenced in nsswitch.conf as it is implemented on
>> Solaris? IE:
>> tail -5 /etc/nsswitch.conf
>> user_attr: sssd
>> auth_attr: sssd
>> prof_attr: sssd
>> exec_attr: sssd
>> project: sssd
>
> Before we define how it is passed/exposed it would be nice to understand
> who on Linux will be consuming it out of SSSD?
>
I don't think Linux would consume these attributes. They are specific to
the Role Based Access Control solution implemented in Solaris.

Rgds,
Siggi