[indiana-discuss] Indiana & RBAC LDAP Schema Q
Stephen Hahn
sch at sun.com
Mon Mar 10 11:44:30 PDT 2008
* Jason J. W. Williams <jasonjwwilliams at gmail.com> [2008-03-10 18:22]:
> Has anyone gotten Indiana LDAP authentication working against an
> OpenLDAP server? We have a setup that is currently working with all of
> our SXCE boxes, but the required RBAC profile enforcement on Indiana
> allows our users to login to an Indiana system but not pfexec to root
> permissions or su. Under Linux we have a sudo attribute we set, but
> I'm having a heck of time figuring out which attribute to set to
> assign a Solaris profile in LDAP. Any help is greatly appreciated.
How are you setting user_attr entries in your setup? Because
/etc/user_attr makes root a role, you need entries like
sch::::profiles=Primary Administrator;roles=root
to allow an account to access that role.
- Stephen
--
sch at sun.com http://blogs.sun.com/sch/
More information about the indiana-discuss
mailing list