[Freeipa-users] Delegated Administration in IPA
Martin Basti
mbasti at redhat.com
Mon Aug 8 08:41:59 UTC 2016
On 08.08.2016 10:03, Deepak Dimri wrote:
> Hi List,
>
> I want some help here! i have 100 of linux servers and ec2 instances
> used by various teams/departments. I want to have group wise
> clubbing of these servers so that i can delegate administration
> access to manager of that particular group. For example lets say out
> of those 100 servers, 25 servers belongs to engineering team so i want
> to register these 25 servers under engineering group/domain and then
> assign the full administration access to engineering manager to manage
> these 25 servers and there accesses.
>
> I am getting a sense that we can create DNS subdomains for each team
> i.e. engineering.<ipa server domain name> and then register those 25
> servers under engineering.<ipa server domain name> but then i am not
> sure how i can assign the access and do rest of the configurations.
>
> I would be thankfully if any of you can provide with configuration
> steps to help me
>
> Thanks,
> Deepak
>
>
Hello,
I think you need HBAC
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html
You need add servers to particular hostgroups, and create HBAC rules
according the doc ^^^
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160808/50ca9c3d/attachment.htm>
More information about the Freeipa-users
mailing list