On 02/21/2012 03:14 PM, Stephen Gallagher wrote:
> On Tue, 2012-02-21 at 18:26 +0100, Ondrej Valousek wrote:
> > Well, I would like to see something like 'adquery' or 'adinfo' from
> > Centrify - i.e. a tool that would:
> > 1. enumerate maps like group, passwd, automount... getent cannot do
> > everything
> This only works with AD because there is an alternative RPC-based
> mechanism to ask for this information. In the general LDAP case, SSSD
> can't get any more information than 'getent' is permitted.
> > 2. Display information about a user (account active, disabled,
> > locked,...)
> This is again not always possible to determine. Most LDAP servers use
> server-side policy controls. We basically can't learn this information
> until we try to authenticate in many cases.
But would it make sense to have a tool that would provide this info
based on the local cache?

Enumerating everything is probably a server-side tool.
For IPA it can be done via the CLI and a script around it.

But for SSSD we might want to have a way to inspect the cache and
display a report based on it. I know we have tools to deal with the
cache, so I wonder if this is something that Ondrej would consider useful.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.