Добрый день! Меня интересует получение метки SELinux из LDAP.
По запросу:
[root@ksa1c1ipa ~]# ldapsearch -Y GSSAPI uid=ksa1c1g3u1
приходит следующий ответ:
//=========================================================================
SASL/GSSAPI authentication started
SASL username: ksa1c1g3u1@CHE.RU
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=che,dc=ru> (default) with scope subtree
# filter: uid=ksa1c1g3u1
# requesting: ALL
#
# ksa1c1g3u1, users, compat, che.ru
dn: uid=ksa1c1g3u1,cn=users,cn=compat,dc=che,dc=ru
ipaAnchorUUID:: OklQQTpjaGUucnU6MTZkZTllZGUtODEyYy0xMWU4LTk5YWItMGNjNDdhYTFiYT
dm
objectClass: posixAccount
objectClass: ipaOverrideTarget
objectClass: top
gidNumber: 1324800008
gecos:: 0J3QsNGH0LDQu9GM0L3QuNC6INC+0YLQtNC10LvQsCDQv9C+0LPRgNCw0L3QuNGH0L3Qvt
C5INC+0YXRgNCw0L3Riw==
uidNumber: 1324800008
cn:: 0J3QsNGH0LDQu9GM0L3QuNC6INC+0YLQtNC10LvQsCDQv9C+0LPRgNCw0L3QuNGH0L3QvtC5I
NC+0YXRgNCw0L3Riw==
loginShell: /bin/sh
homeDirectory: /home/ksa1c1g3u1
uid: ksa1c1g3u1
# ksa1c1g3u1, users, accounts, che.ru
dn: uid=ksa1c1g3u1,cn=users,cn=accounts,dc=che,dc=ru
krbPasswordExpiration: 20440405102941Z
krbLastPwdChange: 20190815102941Z
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=che,dc=ru
memberOf: cn=ksa1c1g3,cn=groups,cn=accounts,dc=che,dc=ru
memberOf: ipaUniqueID=17ee7f74-812c-11e8-a1d7-0cc47aa1ba7f,cn=usermap,cn=selin
ux,dc=che,dc=ru
memberOf: ipaUniqueID=a91ff0ba-838c-11e8-bd00-0cc47aa1ba7f,cn=hbac,dc=che,dc=r
u
memberOf: ipaUniqueID=78dc9d2a-84f1-11e8-9e68-0cc47aa1ba7f,cn=hbac,dc=che,dc=r
u
st: ksa1c1sb.che.ru
postalCode: ksa1c1vm1.che.ru
displayName:: 0J3QsNGH0LDQu9GM0L3QuNC6INC+0YLQtNC10LvQsCDQv9C+0LPRgNCw0L3QuNGH
0L3QvtC5INC+0YXRgNCw0L3Riw==
cn:: 0J3QsNGH0LDQu9GM0L3QuNC6INC+0YLQtNC10LvQsCDQv9C+0LPRgNCw0L3QuNGH0L3QvtC5I
NC+0YXRgNCw0L3Riw==
krbCanonicalName: ksa1c1g3u1@CHE.RU
title:: 0J3QsNGH0LDQu9GM0L3QuNC6INC+0YLQtNC10LvQsCDQv9C+0LPRgNCw0L3QuNGH0L3Qvt
C5INC+0YXRgNCw0L3Riw==
objectClass: ipaobject
objectClass: person
objectClass: top
objectClass: ipasshuser
objectClass: inetorgperson
objectClass: organizationalperson
objectClass: krbticketpolicyaux
objectClass: krbprincipalaux
objectClass: inetuser
objectClass: posixaccount
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
initials:: 0J3Qvg==
gecos:: 0J3QsNGH0LDQu9GM0L3QuNC6INC+0YLQtNC10LvQsCDQv9C+0LPRgNCw0L3QuNGH0L3Qvt
C5INC+0YXRgNCw0L3Riw==
sn:: 0L7RgtC00LXQu9CwINC/0L7Qs9GA0LDQvdC40YfQvdC+0Lkg0L7RhdGA0LDQvdGL
homeDirectory: /home/ksa1c1g3u1
uid: ksa1c1g3u1
mail: ksa1c1g3u1@ksa1c1mail1ms.che.ru
krbPrincipalName: ksa1c1g3u1@CHE.RU
givenName:: 0J3QsNGH0LDQu9GM0L3QuNC6
ipaUniqueID: 16de9ede-812c-11e8-99ab-0cc47aa1ba7f
uidNumber: 1324800008
gidNumber: 1324800008
# search result
search: 4
result: 0 Success
# numResponses: 3
# numEntries: 2
//=====================================================================
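В ответе для пользователя видна только ссылка memberOf на правило в cn=usermap,cn=selinux, но не сама метка.
Хотелось бы для этого пользователя получить метку SELinux вида: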
ksa1c1g3u1_u:s0