[Freeipa-users] ldapsearch queries for audit
Dmitri Pal
dpal at redhat.com
Wed Dec 17 18:22:58 UTC 2014
On 12/17/2014 01:05 PM, Herb Burnswell wrote:
> Dmitri,
>
> Thank you for your response. I don't necessarily need to do
> everything in a single query. I'm just interested in understanding
> how to output the information I need and I can adjust the queries
> accordingly. I.e., where is the information saved: cn=sudoers, where
> sudo info is saved, etc.
>
> For example, does anyone know how I can do an ldapsearch to output all
> the sudo rules in the format we would see in /etc/sudoers file? I
> have to imagine that the rules are just saved in the database to allow
> for sudo on the local systems to read.
Hi,
There is an internal schema and an external schema. The external one is
visible via ou=sudoers,...
The overall design of SUDO support is here:
http://www.freeipa.org/page/FreeIPAv2:SUDO_integration_plans
The schema design is here:
http://www.freeipa.org/page/FreeIPAv2:SUDO_Schema_Design
Slides:
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
>
> Thanks,
>
> Herb
>
> On Tue, Dec 16, 2014 at 11:31 AM, Herb Burnswell
> <herbert.burnswell at gmail.com> wrote:
>
> All,
>
> We are running the following versions on RHEL 6.6:
>
> ipa-server.x86_64 3.0.0-42.el6
> 389-ds.noarch 1.2.2-1.el6
>
> I'm not very experienced with ldapsearch and would greatly
> appreciate some guidance. I'd like to run some ldapsearches that
> will return access information for specific hosts. For example,
> I'd like to return what users have access to 'host x' and what
> sudo rules are available to these users.
>
> Any assistance is appreciated.
>
> TIA,
>
> Herb
>
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
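
As an added illustration of the reply above (not part of the original message and not FreeIPA's own code): assuming the external tree under ou=sudoers exposes standard sudoRole attributes (sudoUser, sudoHost, sudoCommand, sudoRunAsUser, sudoOption), this shell function turns ldapsearch LDIF output into sudoers-style lines for audit review. The server name, the dc=example,dc=com suffix and the sample entries are constructed placeholders.

```shell
# Live use (server and suffix are placeholders; kinit first for -Y GSSAPI):
#   ldapsearch -LLL -Y GSSAPI -H ldap://ipa.example.com \
#     -b "ou=sudoers,dc=example,dc=com" "(objectClass=sudoRole)" | ldif_to_sudoers
ldif_to_sudoers() { awk '
    function add(list, v) { return list == "" ? v : list ", " v }
    function emit(   spec) {
      if (cn != "") {
        spec = (runas != "" ? "(" runas ") " : "") (nopw ? "NOPASSWD: " : "")
        printf "# rule: %s%s\n", cn, (opts != "" ? " (options: " opts ")" : "")
        if (users != "" && hosts != "" && cmds != "")   # skip incomplete rules
          printf "%s %s = %s%s\n", users, hosts, spec, cmds
      }
      cn = users = hosts = cmds = runas = opts = ""; nopw = 0
    }
    function field(line,   i, a, v) {
      i = index(line, ":"); if (i == 0) return
      a = tolower(substr(line, 1, i - 1)); v = substr(line, i + 1); sub(/^ +/, "", v)
      if (a == "cn") cn = v
      else if (a == "sudouser") users = add(users, v)
      else if (a == "sudohost") hosts = add(hosts, v)
      else if (a == "sudocommand") cmds = add(cmds, v)
      else if (a == "sudorunasuser") runas = add(runas, v)
      else if (a == "sudooption" && v == "!authenticate") nopw = 1
      else if (a == "sudooption") opts = add(opts, v)
    }
    /^ / { buf = buf substr($0, 2); next }   # unfold LDIF continuation lines
    { if (buf != "") field(buf); buf = $0; if ($0 == "") emit() }
    END { if (buf != "") field(buf); emit() }
  '; }
# Constructed sample entries (not taken from any real directory).
sample_ldif() { cat <<'EOF'
dn: cn=web-restart,ou=sudoers,dc=example,dc=com
cn: web-restart
sudoUser: %webadmins
sudoHost: web01.example.com
sudoCommand: /sbin/service httpd restart
sudoCommand: /sbin/service htt
 pd status
sudoOption: !authenticate

dn: cn=dba-all,ou=sudoers,dc=example,dc=com
cn: dba-all
sudoUser: alice
sudoHost: ALL
sudoRunAsUser: postgres
sudoCommand: ALL
EOF
}
sample_ldif | ldif_to_sudoers
```

Only `!authenticate` is translated to a sudoers tag; other sudoOption values are listed in the rule comment, and sudoRunAsGroup and base64-encoded values are not rendered.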