On Wed, 2008-05-21 at 12:01 +0200, Rob Visser wrote:
Hello,
Is it possible to administer SELINUX users and RBAC stuff in LDAP?
With RH directory server?
It would be nice, since all the other stuff can be administered in
LDAP.
Not yet, but known as a need. Likely would take the form of moving
seusers management out of libsemanage and adding a LDAP lookup back end
to libselinux getseuserbyname(). Then you could manage at least the
Linux user -> (SELinux user, MLS range) authorizations in LDAP.
--
Stephen Smalley
National Security Agency