Sudo in directory server

snake007uk at gmail.com (Kashif Ali) · Mon, 1 Dec 2008 22:49:27 +0000



Hi,

I have wiki'd my sudo setup

http://wiki.unixcraft.com/display/MainPage/Sudo+in+Centos+Directory+Server


2008/12/1 Rich Megginson <rmeggins at redhat.com>

> Erling Ringen Elvsrud wrote:
>
>> I try to add the schema for sudoers from README.LDAP in
>> the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work
>> best, but
>> get this problem when I restart directory server:
>>
>> [root at testserver schema]# service dirsrv restart
>> Shutting down dirsrv:
>>    testserver...                                          [  OK  ]
>> Starting dirsrv:
>>    testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema
>> attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
>> 'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseE"
>> required attribute "objectclass" missing
>>
>>
>
> The sudo schema is now in CVS HEAD and will be part of the next release of
> Fedora DS:
>
> http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/schema/60sudo.ldif?revision=1.1&root=dirsec&view=markup
>
> You can go ahead and download and use this file with any version of Fedora
> DS.
>
>>                                                           [  OK  ]
>> [root at testserver schema]# cat 99sudoers.ldif
>> dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME
>> 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match
>> SUBSTR caseE
>>
>> xactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN
>> 'SUDO' )
>>  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC
>> 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseEx
>>
>> actIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO'
>> )
>>  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC
>> 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match S
>>
>> YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>>  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC
>> 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1
>>
>> .3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>>  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC
>> 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1
>>
>> .3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
>>  objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top
>> STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sud
>>
>> oHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN
>> 'SUDO' )
>>
>> Any help to get the schema for sudo correctly added is appreciated.
>>
>> Thanks,
>>
>> Erling
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20081201/3fcb1548/attachment.html