On 08/17/2010 06:12 AM, imsand@xxxxxxxxx wrote:
> Hello,
>
> I’m referring to an older post (May 2008)
> http://lists.fedoraproject.org/pipermail/selinux/2008-May/009449.html
>
> The question is, if it’s possible to administer SELinux users and RBAC
> stuff (like roles) in LDAP?
> Are there some developments on this?
> What about FreeIPA, do they have some sample code / libraries that I could
> integrate in our company?
>
> In our company everything relies on LDAP. So I must have a solution for
> integrating SELinux in LDAP.
>
> Thanks in advance
> imsand
>
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>

It would be fairly easy to integrate SELinux users and LDAP. We have suggested to people in the past that they store this data in LDAP and then use tools, perhaps in a cron job, to extract the data and update the seusers file.

But the problem comes down to, how do you do seusers per machine? My account on my laptop should be staff_u but my account on people.fedoraproject.org or people.redhat.com should be guest_u. As an example.

IPA is supposed to address this by adding Machine Identity. We had some discussion on having sssd handle some of this also at LinuxCon.
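
The cron-job approach and the per-machine problem described in the reply above, as an added example that is not code from the thread or from any SELinux or IPA project. It assumes a hypothetical LDAP schema (`uid`, `seLinuxHost`, `seLinuxUser`), constructed host names, and a site allow-list of SELinux users; it resolves the mapping for one machine and rejects directory values that could inject extra fields into a seusers-format line.

```python
import re

# Constructed sample export. The schema (uid / seLinuxHost / seLinuxUser) is
# hypothetical and not a published one; "*" means "any machine".
SAMPLE_LDIF = """\
dn: cn=alice-laptop,ou=selinux,dc=example,dc=com
uid: alice
seLinuxHost: laptop1.example.com
seLinuxUser: staff_u

dn: cn=alice-any,ou=selinux,dc=example,dc=com
uid: alice
seLinuxHost: *
seLinuxUser: guest_u

dn: cn=bob-any,ou=selinux,dc=example,dc=com
uid: bob
seLinuxHost: *
seLinuxUser: root_u

dn: cn=eve-any,ou=selinux,dc=example,dc=com
uid: eve:unconfined_u
seLinuxHost: *
seLinuxUser: guest_u
"""

ALLOWED_SEUSERS = {"guest_u", "xguest_u", "user_u", "staff_u"}  # assumed site policy
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")  # no ':' or newline may reach seusers

def parse_entries(ldif):
    """Split the export on blank lines; return one attribute dict per entry."""
    return [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l)
            for b in ldif.strip().split("\n\n")]

def seusers_for_host(ldif, hostname, mls_range="s0"):
    """Return sorted seusers-format lines (login:seuser:range) for one machine."""
    chosen = {}  # login -> (specificity, seuser); an exact host beats "*"
    for e in parse_entries(ldif):
        login, host, seuser = e.get("uid", ""), e.get("seLinuxHost", ""), e.get("seLinuxUser", "")
        if not LOGIN_RE.fullmatch(login) or seuser not in ALLOWED_SEUSERS:
            continue  # rejected entry: the login keeps the host's __default__ mapping
        rank = 2 if host == hostname else 1 if host == "*" else 0
        if rank > chosen.get(login, (0, ""))[0]:
            chosen[login] = (rank, seuser)
    return [f"{login}:{seuser}:{mls_range}" for login, (_, seuser) in sorted(chosen.items())]
```

The same directory data yields `staff_u` for alice on the constructed laptop host and `guest_u` everywhere else, which is the per-machine distinction the reply describes.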