[midPoint] Questions about Unix Resources

Ivan Noris ivan.noris at evolveum.com
Fri Apr 22 09:09:18 CEST 2016


Hi Shawn,

if you have multiple (many) machines, is there a possibility to use LDAP
provisioning and access the machines using PAM? That way you only need
to create an account in LDAP and put it into specific groups - one per machine...

... which is exactly the reason why one of the metaroles in our
scenario has been created; it allows creating one posixGroup per
machine and then assigning it to the user ...

Regards,
Ivan

On 04/22/2016 03:27 AM, Shawn McKinney wrote:
> Hi,
>
> I have been doing some testing lately with the Unix resources as described in this document:
> https://evolveum.com/blog/provisioning-to-unix-in-5-steps/
>
> And so far it seems to work well.
>
> My question is about the mapping between midPoint and the Linux machine. It seems that there is a one-to-one correspondence between a Linux machine on the network and the Unix resource. That is to say, for every new Linux machine that must be managed, there must be a new resource that has been loaded into MP.
>
> Is this true? I worry that a very large network could get unwieldy, i.e. 100s if not 1000s of machines to manage. Is there a way to establish a Unix resource that can be bound to a target IP address at account activation time? That way we just need one Unix resource, but it will require input from the user (at the console) to set the IP address of the target machine before activating and adding a new account to that machine.
>
> I suppose this would open a can of worms because you also would need to map the service account to the resource at activation time too.  Not sure what other problems would arise with a mapping such as this.
>
> Do these questions make sense, or am I looking at this wrong?
>
> Thanks,
>
> Shawn
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."
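The scheme Ivan outlines (an LDAP account plus one posixGroup per machine, enforced on each host through PAM) as an added example, not code from this thread or from midPoint: it parses constructed LDIF, builds the per-host access map an administrator can use to review who may log in where, and applies the membership check a host's PAM/SSSD stack would enforce. The host-<hostname> group naming convention and the sample entries are assumptions.

```python
# Added example, not from the thread or from midPoint: models the "one posixGroup per
# machine" scheme and audits which LDAP accounts may log in to which host.
# Assumptions (constructed): groups are named host-<hostname>, members listed via memberUid.
import re

# Constructed sample LDIF: two machine groups and one ordinary (non-host) group.
SAMPLE_LDIF = """\
dn: cn=host-web01,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: host-web01
gidNumber: 10001
memberUid: alice
memberUid: bob

dn: cn=host-db01,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: host-db01
gidNumber: 10002
memberUid: alice

dn: cn=developers,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: developers
gidNumber: 20000
memberUid: carol
"""

HOST_GROUP = re.compile(r"^host-(?P<host>[A-Za-z0-9.-]+)$")  # assumed naming convention

def parse_ldif_groups(ldif: str) -> dict:
    """Return {cn: set(memberUid)} for every posixGroup entry in the LDIF text."""
    groups = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):  # LDIF entries are blank-line separated
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # split only at the first colon
            attrs.setdefault(key.strip(), []).append(value.strip())
        if "posixGroup" in attrs.get("objectClass", []) and attrs.get("cn"):
            groups[attrs["cn"][0]] = set(attrs.get("memberUid", []))
    return groups

def host_access_map(groups: dict) -> dict:
    """Hostname -> uids allowed on it; groups not named host-<name> grant no machine access."""
    return {m.group("host"): set(members)
            for cn, members in groups.items() if (m := HOST_GROUP.match(cn))}

def may_log_in(uid: str, host: str, access: dict) -> bool:
    """The check a host's PAM/SSSD stack enforces: uid must be a member of that host's group."""
    return uid in access.get(host, set())
```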