<div dir="ltr">Craig,<div><br></div><div>Thank you for the reply. Running the ipa hostgroup-show does not appear to provide specific information about individual users. Also, ideally I'd like to see if I can gather the actual sudo rules that one would see in an /etc/sudoers file to the specific hosts.</div><div><br></div><div>I'll investigate if the IPA commands can provide more.</div><div><br></div><div>Thanks,</div><div><br></div><div>Herb</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 16, 2014 at 11:47 AM, Craig White <span dir="ltr"><<a href="mailto:CWhite@skytouchtechnology.com" target="_blank">CWhite@skytouchtechnology.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div lang="EN-US" link="blue" vlink="purple"> <div> <p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a> [mailto:<a href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a>] <b>On Behalf Of </b>Herb Burnswell<br> <b>Sent:</b> Tuesday, December 16, 2014 12:32 PM<br> <b>To:</b> <a href="mailto:freeipa-users@redhat.com" target="_blank">freeipa-users@redhat.com</a><br> <b>Subject:</b> [Freeipa-users] ldapsearch queries for audit<u></u><u></u></span></p> <p class="MsoNormal"><u></u> <u></u></p> <div><div><div class="h5"> <p class="MsoNormal">All,<u></u><u></u></p> <div> <p class="MsoNormal"><u></u> <u></u></p> </div> <div> <p class="MsoNormal">We are running the following versions on RHEL 6.6:<u></u><u></u></p> </div> <div> <p class="MsoNormal"><u></u> <u></u></p> </div> <div> <p class="MsoNormal">ipa-server.x86_64 3.0.0-42.el6<u></u><u></u></p> </div> <div> <p class="MsoNormal">389-ds.noarch 1.2.2-1.el6<u></u><u></u></p> </div> <div> <p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p> <p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p> <p class="MsoNormal">I'm not very experienced with the ldapsearch and would greatly appreciate some guidance. I'd like to run some ldapsearch's that will return access information for specific hosts. For example; I'd like to return what users have access to 'host x' and what sudo rules are available to these users.<u></u><u></u></p> </div> <div> <p class="MsoNormal"><u></u> <u></u></p> </div> <div> <p class="MsoNormal">Any assistance is appreciated.<u></u><u></u></p> </div> <div> <p class="MsoNormal"><u></u> <u></u></p> </div> <div> <p class="MsoNormal">TIA,<u></u><u></u></p> </div> <div> <p class="MsoNormal"><u></u> <u></u></p> </div> <div> <div style="border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in"> <p class="MsoNormal" style="border:none;padding:0in">Herb<u></u><u></u></p> </div> </div> </div></div><div> <p class="MsoNormal"><span style="color:#1f497d">Herb, I am sure that some if not all of that can be derived via LDAP but I have found this info is much more easily returned via IPA commands.<u></u><u></u></span></p> <p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p> <p class="MsoNormal"><span style="color:#1f497d">ipa hostgroup-show $SOME_HOSTGROUP<span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></p><span class="HOEnZb"><font color="#888888"> <p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p> <p class="MsoNormal"><span style="color:#1f497d">Craig</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p> </font></span></div> </div> </div> </div> </blockquote></div></div>