[Freeipa-users] ldapsearch queries for audit

Dmitri Pal dpal at redhat.com
Wed Dec 17 00:22:20 UTC 2014


On 12/16/2014 02:31 PM, Herb Burnswell wrote:
> All,
>
> We are running the following versions on RHEL 6.6:
>
> ipa-server.x86_64   3.0.0-42.el6
> 389-ds.noarch        1.2.2-1.el6
>
> I'm not very experienced with the ldapsearch and would greatly 
> appreciate some guidance.  I'd like to run some ldapsearches that will 
> return access information for specific hosts.  For example, I'd like 
> to return what users have access to 'host x' and what sudo rules are 
> available to these users.
>

This would be a pretty complex query.

For users you might want to explore HBAC test. That allows checking if a 
specific user has access to a host.
I do not think there is something reverse, meaning which users can access 
a host.

There is an HBAC library used on the client or by the tool that helps to 
collect all the data and do the evaluation.
Maybe calling it or its bindings would be more helpful.

For sudo I think we need to have a similar tool that would resolve what 
commands a user can run on a given host.
I could not find a ticket. I thought there was one on the IPA side.

In the absence of these tools you would have to join several LDAP searches.

> Any assistance is appreciated.
>
> TIA,
>
> Herb
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
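
The join of several LDAP searches mentioned in the reply above, sketched as an added example that is not part of the original message or of FreeIPA's own code: it builds the filter for the HBAC rule search and then combines rule, host and user entries to list which users can reach one host. Assumptions: the suffix dc=example,dc=com and all entries are constructed, memberOf on user and host entries lists their group and hostgroup DNs, and the service part of each rule is ignored.

```python
SUFFIX = "dc=example,dc=com"            # constructed suffix (assumption)
ACC = "cn=accounts," + SUFFIX

def esc(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def hbac_filter(host_dn, hostgroup_dns):
    """Filter for enabled allow rules naming the host, its hostgroups, or all hosts."""
    hosts = "".join("(memberHost=%s)" % esc(d) for d in [host_dn, *hostgroup_dns])
    return ("(&(objectClass=ipahbacrule)(ipaEnabledFlag=TRUE)(accessRuleType=allow)"
            "(|(hostCategory=all)%s))" % hosts)

def first(entry, attr):
    return entry.get(attr, [""])[0].lower()

def ids(entry):
    """The entry's own DN plus every DN in its memberOf, lowercased."""
    return {entry["dn"].lower()} | {d.lower() for d in entry.get("memberof", [])}

def users_with_access(host, rules, users):
    """Join rule, host and user entries; return {user DN: [matching rule names]}."""
    allowed = {}
    for rule in rules:
        if first(rule, "ipaenabledflag") != "true" or first(rule, "accessruletype") != "allow":
            continue
        if first(rule, "hostcategory") != "all" and not (
                ids(host) & {d.lower() for d in rule.get("memberhost", [])}):
            continue
        subjects = {d.lower() for d in rule.get("memberuser", [])}
        for user in users:
            if first(rule, "usercategory") == "all" or ids(user) & subjects:
                allowed.setdefault(user["dn"], []).append(rule["cn"][0])
    return allowed

# Constructed sample entries, shaped like parsed ldapsearch output (lowercased attribute names).
HOST = {"dn": "fqdn=web1.example.com,cn=computers," + ACC,
        "memberof": ["cn=webservers,cn=hostgroups," + ACC]}
USERS = [{"dn": "uid=alice,cn=users," + ACC, "memberof": ["cn=webadmins,cn=groups," + ACC]},
         {"dn": "uid=bob,cn=users," + ACC},
         {"dn": "uid=carol,cn=users," + ACC, "memberof": ["cn=dba,cn=groups," + ACC]}]
def mk_rule(name, enabled="TRUE", **attrs):
    return {"cn": [name], "ipaenabledflag": [enabled], "accessruletype": ["allow"], **attrs}
RULES = [mk_rule("allow_webadmins", memberuser=["cn=webadmins,cn=groups," + ACC],
                 memberhost=["cn=webservers,cn=hostgroups," + ACC]),
         mk_rule("bob_direct", memberuser=[USERS[1]["dn"]], memberhost=[HOST["dn"]]),
         mk_rule("old_allow_all", enabled="FALSE", usercategory=["all"], hostcategory=["all"]),
         mk_rule("dba_db", memberuser=["cn=dba,cn=groups," + ACC],
                 memberhost=["cn=dbservers,cn=hostgroups," + ACC])]
```

On a live server the filter string would be passed to ldapsearch with the search base cn=hbac under the suffix, and the returned entries fed to users_with_access in place of the constructed ones.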
