Sudo in directory server

rmeggins at redhat.com (Rich Megginson) · Mon, 01 Dec 2008 08:55:06 -0700



Erling Ringen Elvsrud wrote:
> I try to add the schema for sudoers from README.LDAP in
> the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work best, but
> get this problem when I restart directory server:
>
> [root at testserver schema]# service dirsrv restart
> Shutting down dirsrv:
>     testserver...                                          [  OK  ]
> Starting dirsrv:
>     testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema
> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
> 'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseE"
> required attribute "objectclass" missing
>   

The sudo schema is now in CVS HEAD and will be part of the next release 
of Fedora DS:
http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/schema/60sudo.ldif?revision=1.1&root=dirsec&view=markup

You can go ahead and download and use this file with any version of 
Fedora DS.
>                                                            [  OK  ]
> [root at testserver schema]# cat 99sudoers.ldif
> dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME
> 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match
> SUBSTR caseE
>
> xactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>   attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC
> 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseEx
>
> actIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>   attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC
> 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match S
>
> YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>   attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC
> 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1
>
> .3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>   attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC
> 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1
>
> .3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>   objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top
> STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sud
>
> oHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
>
> Any help to get the schema for sudo correctly added is appreciated.
>
> Thanks,
>
> Erling
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20081201/ae60ba20/attachment.bin