[Freeipa-devel] [PATCH] 24 Add sudorule and hbacrule to indirectmemberof attributes of user.py

Rob Crittenden rcritten at redhat.com
Fri Apr 22 19:53:58 UTC 2011


JR Aquino wrote:
> On Apr 12, 2011, at 9:45 AM, JR Aquino wrote:
>
>> Add HBAC Rule and Sudo Rule to users as indirect member attributes to simplify the auditing of users for their indirect membership to their authorization rights.
>>
>> An Administrator should have the ability to quickly identify the rights a user will have in the system.
>>
>> For example, with the patch added, my user-show looks like this:
>>
>> # ipa user-show tester --all
>>   dn: uid=builder,cn=users,cn=accounts,dc=example,dc=com
>>   User login: tester
>>   First name: Tester
>>   Last name: Engineering
>>   Full name: Tester Engineering
>>   Display name: Tester Engineering
>>   Initials: TE
>>   Home directory: /home/tester
>>   GECOS field: Tester Engineering
>>   Login shell: /bin/sh
>>   Kerberos principal: tester at EXAMPLE.COM
>>   UID: 1829800388
>>   GID: 1829800388
>>   Account disabled: False
>>   Member of groups: ipausers, auto-dev-deploy-tools, build-integration
>>   ipauniqueid: 72fa22c6-6085-11e0-9629-0023aefe4ec0
>>   krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
>>   memberofindirect_HBAC rule: development
>>   memberofindirect_Sudo Rule: AUTO-dev-deploy-tools_DEPLOY, AUTO-dev-deploy-tools_ZENOSS, build-integration
>>   mepmanagedentry: cn=tester,cn=groups,cn=accounts,dc=example,dc=com
>>   objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount
>>
>> <freeipa-jraquino-0024-Add-sudorule-and-hbacrule-to-indirectmemberof-attrib.patch>
>
>
> Oops, forgot to have PATCH in the subject.
>

I think you need this as well, right?

-        'memberof': ['group', 'netgroup', 'role'],
+        'memberof': ['group', 'netgroup', 'role', 'sudorule', 'hbacrule'],
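
Review bot: This fragment has no file header or `@@` context, so it does not identify which `'memberof'` list it changes; the thread subject points at user.py, and the fragment should be folded into that patch with its context so the direct and indirect additions are reviewed and applied as one change. With `'sudorule'` and `'hbacrule'` on the `+` line, the same patch should also be checked for how `ipa user-show --all` labels the direct entries, since the sample output earlier in the thread shows the indirect ones as `memberofindirect_HBAC rule` and `memberofindirect_Sudo Rule`.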



