[racktables-users] Re: Tagging LDAP users

From: Denis Ovsienko <denis@xxxxxxxxxxxxx>
To: <racktables-users@xxxxxxxxxxxxx>
Date: Wed, 24 May 2017 12:01:26 +0100

---- On Tue, 23 May 2017 22:19:09 +0100 Tim W wrote ----

Looks like it didn't work out.

This is what I did (ldap names changed for security reasons):

context insert {server admins} on {$lgcn_WindowsAdmins}

context insert {network admins} on {$lgcn_NetworkAdmins}

context insert {storage admins} on {$lgcn_SanAdmins}

allow {network admins} and {network assets} and {$tab_edit} and {$tab_addmore}
and {$tab_default}

The above grant never allows anything because at most one "tab" autotag is
present in the security context at once. The expression needs to be different,
please see examples at
http://wiki.racktables.org/index.php/RackTablesAdminGuide#Permission_configuration
and in the list archive.

allow {storage admins} and {storage assets} and {$tab_default}

The above should work, could you explain in detail how it fails?

allow {server admins} and {server assets} and {$tab_edit} and {$tab_addmore}
and {$tab_default}

but it didn't work.

I also tried to do this with my own personal ID - 'context insert {server
admins} on {$username_tim}' - and it didn't work either. The only thing that
did work is if I replaced 'server admins' in the 'allow' statements with my
own user id or $lgcn_ group.

It works for me now exactly as expected.

--
Denis Ovsienko

References:
- [racktables-users] Tagging LDAP users
  - From: Tim W
- [racktables-users] Re: Tagging LDAP users
  - From: Anthony Pereira
- [racktables-users] Re: Tagging LDAP users
  - From: Tim W
- [racktables-users] Re: Tagging LDAP users
  - From: Denis Ovsienko
- [racktables-users] Re: Tagging LDAP users
  - From: Tim W
- [racktables-users] Re: Tagging LDAP users
  - From: Tim W

[racktables-users] Re: Tagging LDAP users

Other related posts: