LDAP directory and user management
Manage host entries for enrolled machines and servers. Hosts store service principals, participate in host-based access control rules, and can be organized into host groups. Features include enrollment with one-time passwords, SSH key management, certificate management, DNS integration, location assignment, and support for various enrollment scenarios including full and limited administrator workflows.
Manage groups of hosts for policy application and delegated administration. Host groups enable centralized configuration of access control rules, sudo policies, and SELinux mappings. Supports nested host group membership, external members, and membership managers for fine-grained control over host organization and policy assignment.
Manage Kerberos service principals for network services requiring authentication. Service entries store service credentials, support certificate-based authentication, and enable delegation scenarios. Features include service principal management, certificate operations, host and user delegation, and support for constrained delegation (S4U2Proxy) for application integration and single sign-on.
Manage automatic group membership assignment based on user and host attributes. Automember rules automatically add users to groups or hosts to host groups when they match defined criteria. Features include inclusive and exclusive rules, default groups, regular expression matching, and support for both user groups and host groups to streamline provisioning and reduce manual group management.
Manage automount maps and keys for automatic filesystem mounting in NFS environments. Automount configuration enables centralized management of mount points, indirect and direct maps, and supports standard automounter syntax. Features include map and key lifecycle management, location-based map organization, and import/export capabilities for migration and backup.
Manage NIS netgroups for legacy UNIX authentication and authorization systems. Netgroups define sets of users, hosts, and domains for network-wide access control. Supports triple notation (user, host, domain), nested netgroup membership, and integration with NIS compatibility mode for environments requiring traditional UNIX authentication mechanisms.