Creating computer-level role assignments in classic zones
Classic zones support computer-level role assignments. If you want to configure computer‑level role assignments, keep the following in mind:
- The classic zone that the computer is a member of must have authorization enabled before you can create role definitions and role assignments.
- The role assignment is only valid on the computer where you have made the assignment.
- The role definition you use must be defined in the classic zone that the computer is a member of.
A computer-level role assignment in a classic zone is similar to computer-level overrides in hierarchical zones, except that you cannot save user or group profile information for individual computers. User and group information is stored in the classic zone. To enable computer-specific role assignments in classic zones, you must use a specialized zone type, the classic-computer zone type.
To create a computer-level role assignment in a classic zone:
- Precreate the computer in a classic4 zone, if it doesn’t already exist.
- Create a zone that uses the specialized zone type of classic-computer.
- Select the classic-computer zone within the classic zone.
- Create the role assignment.
The following code snippet illustrates the commands to execute in ADEdit to make computer-specific role assignments in classic zones. The lines that are not commands (classic4 and the list of computers) are the output that ADEdit returns:

    bind ajuba.net
    package require ade_lib 1.0
    select_zone cn=cls,cn=zones,dc=ajuba,dc=net
    get_zone_field type
    classic4
    precreate_computer rhelqa$@ajuba.net
    get_zone_computers
    {comp5$@ajuba.net} {rhelqa$@ajuba.net}
    create_zone classic-computer rhelqa.ajuba.net@cn=cls,cn=zones,dc=ajuba,dc=net
    select_zone rhelqa.ajuba.net@cn=cls,cn=zones,dc=ajuba,dc=net
    new_role_assignment user5@ajuba.net
    set_role_assignment_field role role1/cls
    save_role_assignment
You can then get the classic-computer zones by running the get_child_zones command when the classic zone is selected. For example:

    select_zone cn=cls,cn=zones,dc=ajuba,dc=net
    get_child_zones
    rhelqa.ajuba.net@CN=c122,CN=Zones,DC=ajuba,DC=net comp5.ajuba.net@CN=c122,CN=Zones,DC=ajuba,DC=net