
We are thinking of using an LDAP-based Identity and Access Management setup with VMware vCloud and OpenStack Nova Compute VMs. VMware vCloud and OpenStack Nova Compute VMs are self-serve in that the end-users (non-admins) can create the VMs as needed.

Currently we have ldap_access_filter set to ((memberOf=cn=System Adminstrators,ou=Groups,dc=example,dc=com)), which allows access to a Linux/UNIX machine to whoever is in that group.

Since the end-user is not part of this group, he/she is not able to log in. We would like to automatically add the end-user who created the VM to the ldap_access_filter.

Also, since we manage the sudo rules in LDAP, we would like to automatically create a sudo rule for that VM and add the user to the rule.

Any thoughts on how to best design this? Maybe we are over-thinking this, and there is a simpler solution.

The end goal is that the end-user who creates the VM should have full access to that VM, in addition to the System Administrators LDAP group.
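The following is an added example, not code from the question or the answer. It shows one way to realise the design the question describes without rewriting a single shared ldap_access_filter every time a VM is created: SSSD does not substitute the host name into ldap_access_filter, so instead each VM gets a group whose name is derived from its FQDN, the per-VM filter (admin group OR that VM's owner group) is rendered into the VM's own sssd.conf, and a sudoRole scoped to exactly that host is written for the creator. Everything that comes from the self-service portal (host name, user name) is allow-listed and then escaped per RFC 4514 (DNs) and RFC 4515 (filters), because those values are attacker-controlled. The sudoers LDAP schema (objectClass sudoRole), the containers ou=SUDOers and ou=People, the groupOfNames object class and the cn=vm-<fqdn>-owners naming convention are assumptions made here, not anything the question states.

```python
"""Per-VM access control and sudo provisioning for SSSD clients on plain LDAP.

Added example (not code from the question or the answer).  Assumptions:
the sudoers LDAP schema (objectClass sudoRole) is loaded, sudoRole entries
live under ou=SUDOers, users live under ou=People, groups are groupOfNames
with memberOf maintained by the server, and cn=vm-<fqdn>-owners is the
per-VM group naming convention chosen here.
"""
import re

BASE_DN = "dc=example,dc=com"
GROUPS_BASE = f"ou=Groups,{BASE_DN}"
SUDOERS_BASE = f"ou=SUDOers,{BASE_DN}"                     # assumed container for sudoRole entries
ADMIN_GROUP_DN = f"cn=System Adminstrators,{GROUPS_BASE}"  # group name exactly as in the question

# Inputs come from a self-service portal, so treat them as attacker-controlled:
# allow-list them before they go anywhere near a DN, a filter or an LDIF.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,62}$")
_UID_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def check_fqdn(fqdn: str) -> str:
    if not _FQDN_RE.match(fqdn):
        raise ValueError(f"not a valid lowercase FQDN: {fqdn!r}")
    return fqdn


def check_uid(uid: str) -> str:
    if not _UID_RE.match(uid):
        raise ValueError(f"not a valid POSIX user name: {uid!r}")
    return uid


# RFC 4515 section 3: characters with special meaning inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514 section 2.4 escaping for one attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append(r"\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def owner_group_dn(fqdn: str) -> str:
    """DN of the group that owns one VM; the name is a function of the host name."""
    return f"cn={escape_dn_value('vm-' + check_fqdn(fqdn) + '-owners')},{GROUPS_BASE}"


def access_filter(fqdn: str) -> str:
    """ldap_access_filter for one VM: the static admin group OR that VM's owner group."""
    return ("(|(memberOf=" + escape_filter_value(ADMIN_GROUP_DN) + ")"
            "(memberOf=" + escape_filter_value(owner_group_dn(fqdn)) + "))")


def sssd_domain_snippet(fqdn: str) -> str:
    """[domain/...] lines to render into this VM's sssd.conf (for example via cloud-init)."""
    return "\n".join([
        "access_provider = ldap",
        "ldap_access_order = filter",
        f"ldap_access_filter = {access_filter(fqdn)}",
        "sudo_provider = ldap",
        f"ldap_sudo_search_base = {SUDOERS_BASE}",
        "",
    ])


def owner_group_ldif(fqdn: str, uid: str) -> str:
    """LDIF creating the per-VM owner group with the VM's creator as its first member."""
    cn = f"vm-{check_fqdn(fqdn)}-owners"
    return "\n".join([
        f"dn: {owner_group_dn(fqdn)}",
        "objectClass: top",
        "objectClass: groupOfNames",
        f"cn: {cn}",
        f"member: uid={escape_dn_value(check_uid(uid))},ou=People,{BASE_DN}",
        "",
    ])


def sudo_role_ldif(fqdn: str, uid: str) -> str:
    """LDIF for a sudoRole granting the creator ALL on exactly this host and nothing else."""
    cn = f"vm-{check_fqdn(fqdn)}-{check_uid(uid)}"
    return "\n".join([
        f"dn: cn={escape_dn_value(cn)},{SUDOERS_BASE}",
        "objectClass: top",
        "objectClass: sudoRole",
        f"cn: {cn}",
        f"sudoUser: {uid}",
        f"sudoHost: {fqdn}",   # the single FQDN, never ALL
        "sudoCommand: ALL",
        "sudoRunAsUser: ALL",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample input standing in for what the VM portal would pass.
    host, owner = "vm01.example.com", "alice"
    print(sssd_domain_snippet(host))
    print(owner_group_ldif(host, owner))
    print(sudo_role_ldif(host, owner))
```

Two things the snippet relies on: the memberOf attribute has to be maintained server-side (the memberOf overlay on OpenLDAP, the MemberOf plugin on 389-ds) for the filter to match, and the VM needs the sudo responder enabled in SSSD plus `sudoers: files sss` in nsswitch.conf for the sudoRole to be honoured. The same portal hook that adds the group and sudoRole should remove both when the VM is destroyed, otherwise the rules accumulate and a later VM that reuses the name inherits them.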

1 Answer


This is not really an IPA/SSSD question, but depends on how the users and machines are provisioned. Check out IdM's automember command; this might help.

  • Jakub, I understand this is not an IPA/SSSD question, but I was looking for best practices. I am sure other large enterprises have self-serve private clouds as well with centralized Identity and Access Management. Commented Oct 6, 2016 at 13:55
