aker-gateway / Aker

SSH bastion/jump host/jumpserver

multiple gateway groups #81

Closed hijak closed 6 years ago

hijak commented 6 years ago

Hi

I am trying to get two groups ignored by the interface, but it only ignores the first:

[root@bastion01 aker]# cat aker.ini
[General]
log_level = INFO
ssh_port = 22

# Identity Provider to determine the list of available hosts
# options shipped are IPA, Json. Default is IPA
idp = IPA

# FreeIPA hostgroup name contatining Aker gateways
# to be excluded from hosts presented to user
gateway_group = bastionservers, ipaservers

anazmy commented 6 years ago

Yes, that field expects a single value for now. That can be expanded, but I think I know what you're trying to do here: you want IPA servers not to show on the list, right?

That can be achieved by disabling IPA's default HBAC rule "allow all" and then setting up rules to allow users access to the servers as needed. The sample environment setup in the Ansible playbook can provide a nice example.

anazmy commented 6 years ago

But beware: set up correct rules so you do not lock yourself out.
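
The HBAC approach suggested above, sketched as an added example that is not part of the thread or of the Aker project: it creates a replacement rule, checks it with `ipa hbactest`, and disables `allow_all` only if that check passes. The rule, group, user and host names are constructed placeholders, and the ordering and dry-run wrapper are this example's own choices.

```shell
#!/bin/sh
# Added example: staged replacement of FreeIPA's default allow_all HBAC rule.
# Rule, group, user and host names are constructed placeholders without spaces.

# Print the ipa commands in the order they must run, one per line.
hbac_plan() {
    rule=$1; usergroup=$2; hostgroup=$3
    printf 'ipa hbacrule-add %s\n' "$rule"
    printf 'ipa hbacrule-add-user %s --groups=%s\n' "$rule" "$usergroup"
    printf 'ipa hbacrule-add-host %s --hostgroups=%s\n' "$rule" "$hostgroup"
    printf 'ipa hbacrule-add-service %s --hbacsvcs=sshd\n' "$rule"
    # Last step: only now does the new rule become the sole source of access.
    printf 'ipa hbacrule-disable allow_all\n'
}

# True only if the new rule on its own grants the test user sshd on the test host.
hbac_verified() {
    ipa hbactest --user="$2" --host="$3" --service=sshd --rules="$1" |
        grep -q 'Access granted: True'
}

# Dry run by default; with APPLY=1 the commands are executed and allow_all is
# disabled only after hbac_verified succeeds, which avoids a lock-out.
hbac_apply() {
    rule=$1; testuser=$4; testhost=$5
    hbac_plan "$1" "$2" "$3" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" != 1 ]; then
            printf 'DRY-RUN: %s\n' "$cmd"
            continue
        fi
        case $cmd in
            *hbacrule-disable*)
                hbac_verified "$rule" "$testuser" "$testhost" || {
                    echo "hbactest denied $testuser on $testhost; allow_all left enabled" >&2
                    exit 1
                } ;;
        esac
        $cmd || exit 1
    done
}

# Constructed names: bastion users may reach hosts in the "appservers" hostgroup.
hbac_apply bastion_to_apps bastion_users appservers alice app01.example.test
```

Run it as is to review the plan, then with `APPLY=1` from a session holding an IPA admin ticket.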

hijak commented 6 years ago

Ah, of course! Thanks for the direction.