[indiana-discuss] Indiana & RBAC LDAP Schema Q
Dave Miner
dminer at opensolaris.org
Mon Mar 10 12:13:04 PDT 2008
Jason J. W. Williams wrote:
> Hi All,
>
> Has anyone gotten Indiana LDAP authentication working against an
> OpenLDAP server? We have a setup that is currently working with all of
> our SXCE boxes, but the required RBAC profile enforcement on Indiana
> allows our users to log in to an Indiana system but not pfexec to root
> permissions or su. Under Linux we have a sudo attribute we set, but
> I'm having a heck of a time figuring out which attribute to set to
> assign a Solaris profile in LDAP. Any help is greatly appreciated.
>
Well, the RBAC configuration is not required, it's just the default.
You can configure Indiana the same as you have on SXCE, just remove the
"type=role;" token from the root entry in /etc/user_attr and remove any
"roles=root" tokens from other users in that file.

I don't have any background on setting up RBAC with LDAP, but the system
administrator's guide on docs.sun.com implies that there are several
schemas related to RBAC that need to be loaded into LDAP. You might
have better luck asking the question over in the security community.

Dave
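
The /etc/user_attr change described in the reply above, as an added example that is not part of the original message and is not project code. The function name, the sample entries and the handling of multi-role lists such as "roles=root,dbadmin" (which goes beyond the single-role case the message mentions) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads user_attr(4) text on
# stdin and writes the edited text on stdout; run it on a copy and diff.

strip_root_role() {
    awk -F: '
    # Comments, blank lines and short lines pass through unchanged.
    /^#/ || NF < 5 { print; next }
    {
        user = $1
        # The attribute list is everything after the fourth colon.
        attr = $0
        for (i = 1; i <= 4; i++) sub(/^[^:]*:/, "", attr)
        prefix = substr($0, 1, length($0) - length(attr))
        n = split(attr, kv, ";")
        out = ""
        for (i = 1; i <= n; i++) {
            if (kv[i] == "") continue
            # root stops being a role and becomes a normal account.
            if (user == "root" && kv[i] == "type=role") continue
            if (user != "root" && kv[i] ~ /^roles=/) {
                # Drop root from the list; keep any other assigned roles.
                m = split(substr(kv[i], 7), r, ",")
                keep = ""
                for (j = 1; j <= m; j++)
                    if (r[j] != "root") keep = keep (keep == "" ? "" : ",") r[j]
                if (keep == "") continue
                kv[i] = "roles=" keep
            }
            out = out (out == "" ? "" : ";") kv[i]
        }
        print prefix out
    }'
}

# Constructed sample entries, not copied from a real system.
sample_user_attr() {
    cat <<'EOF'
# constructed sample
root::::type=role;auths=solaris.*,solaris.grant;profiles=All
jack::::profiles=Primary Administrator;roles=root
jill::::roles=root,dbadmin
lp::::profiles=Printer Management
EOF
}

sample_user_attr | strip_root_role
```

With root no longer a role, root is an ordinary account again and users reach it the same way they do on the SXCE systems.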