Usermod

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Did you recompile sudo with the --with-ldap flag?

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Sigur?ur Bjarnason
Sent: Thursday 8 May 2008 15:48
To: General discussion list for the Fedora Directory server project.
Subject: RE: Usermod



Thanks...  ..I have however SUDO schema for LDAP allready. But I cant seam to figure out how to allow certain users to login as other users.. L

 

Should I just allow the users to do su - ... but then they can login as root also right ?..

 

This is my sudo schema

 

dn: cn=schema

attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )

 

 

Regards

Siggi

 

 

From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of FAUCONNIER Valery AWL-IT
Sent: 7. ma? 2008 06:31
To: General discussion list for the Fedora Directory server project.
Subject: RE: Usermod

 

There is a schema for sudo entries look at http://fci.wikia.com/wiki/Setting_Up_A_Centralised_Authentication_Server_With_Sudo_Access_Using_LDAP

 

You have to modify the given shema to be compatible with fds (a script exists to convert schema):

 

# cat 77sudo.ldif 
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.1
  NAME 'sudoUser'
  DESC 'User(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.2
  NAME 'sudoHost'
  DESC 'Host(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.3
  NAME 'sudoCommand'
  DESC 'Command(s) to be executed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.4
  NAME 'sudoRunAs'
  DESC 'User(s) impersonated by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.5
  NAME 'sudoOption'
  DESC 'Options(s) followed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
objectClasses: (
  1.3.6.1.4.1.15953.9.2.1
  NAME 'sudoRole'
  DESC 'Sudoer Entries'
  SUP top
  STRUCTURAL
  MUST ( cn )
  MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description )
  )
#
################################################################################
#

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Sigur?ur Bjarnason
Sent: Monday 5 May 2008 18:33
To: Fedora-directory-users at redhat.com
Subject: Usermod

Hi All

 

Is there any way of defineing usermod with FDS ?, 

 

Lets say that I am user "siggi" and I need to give him rights to login as user "test" is that possible with FDS ?

 

Regards

Siggi

 

Atos Worldline SA/NV - Chaussee de Haecht 1442 Haachtsesteenweg 

- 1130 Brussels - Belgium

RPM-RPR Bruxelles-Brussel - TVA-BTW BE 0418.547.872

Bankrekening-Compte Bancaire-Bank Account 310-0269424-44

BIC BBRUBEBB - IBAN BE55 3100 2694 2444

 

"The information contained in this e-mail and any attachment thereto is confidential and may contain information which is protected by intellectual property rights.

This information is intended for the exclusive use of the recipient(s) named above.

This e-mail does not constitute any binding relationship or offer toward any of the addressees.

If you are not one of the addressees , one of their employees or a proxy holder entitled to hand over this message to the addressee(s), any use of the information contained herein (e.g. reproduction, divulgation, communication or distribution,...) is prohibited.

If you have received this message in error, please notify the sender and destroy it immediately after.

The integrity and security of this message cannot be guaranteed and it may be subject to data corruption, interception and unauthorized amendment, for which we accept no liability."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080509/0ab3a1c0/attachment.html 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux