[Freeipa-users] Declarative configuration options?
Mike LoSapio
mike.losapio at gmail.com
Wed Aug 10 20:52:47 UTC 2016
Something declarative which can be version controlled and considered a
"source of truth" and driven from configuration management (chef,
puppet, ansible - whatever your flavor)
A scheme to reconcile account properties, group memberships,
permissions, etc... I could see how this would be a slippery slope
because of the depth of groupings/permissions/etc... but a
version-controlled declarative user config gives a nice record for
auditors (When did mike get an account, who granted access to him,
when did he get access, what other access has he had over the last
year... etc..)
~~ Pseudo declaraion
ipa_user: mike
uid: mlosapio
first_name: mike
last_name: losapio
On Wed, Aug 3, 2016 at 1:56 PM, Martin Basti <mbasti at redhat.com> wrote:
>
>
> On 01.08.2016 22:50, Mike LoSapio wrote:
>>
>> Hi there,
>>
>> Is there anyone out there with a good system for storing users,
>> groups, hosts, etc.. in some sort of version controlled repo w/ flat
>> files that could plug into "two-man" workflows for user-account
>> creation and privilege/group membership changes, etc.
>>
>> There's some github projects out there to help installing FreeIPA
>> server and a few to get clients up and running, but nothing (that I
>> could find) for the on-going management of FreeIPA resources.
>>
>>
>>
>> So in puppet world (just as an example) - I'd be looking for something
>> like a puppet-defined-type freeipa_user with all the attributes
>> required and more-importantly all the code-glue that puts it all
>> together...
>>
>>
>> Figured I'd ask if there if there's anything already out there before
>> I re-invent the wheel.
>>
>>
>> TIA,
>> --Mike
>>
> Hello,
>
> sorry but I don't understand what you exactly need, can you be more
> specific? Do you need a script that provision users?
>
> Martin
>
>
More information about the Freeipa-users
mailing list