On 11/27/08, Edward Capriolo <edlinuxguru at gmail.com> wrote:
> I think sudo provides a sample open ldap schema. The syntax is
> slightly different

Thanks for your reply, I try to use your schema, but still get errors:

[root at testserver schema]# service dirsrv restart
Shutting down dirsrv: testserver... [ OK ]
Starting dirsrv: testserver...[28/Nov/2008:08:44:51 +0100] - Entry "cn=schema attributetypes :( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC" required attribute "objectclass" missing
[ OK ]

[root at testserver schema]# cat 99sudoers.ldif
dn: cn=schema
attributetypes :( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclasses :( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) )

Could you please send me a copy of the schema directly? Just to make sure all linebreaks and formatting is correct.

How did you get the schema? The README.LDAP in sudo provides two schema, one for OpenLDAP and one for iPlanet and similar directory-servers (like Fedora DS if I have understood correctly).

Best regards,
Erling
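
Added example, not part of the original message or of sudo/Fedora DS: a small Python lint that applies the RFC 2849 LDIF rules on line folding (a line starting with a space continues the previous one) and on the `name:` form to a schema file before it is dropped into the server's schema directory. The function names and both sample inputs are constructed for illustration; the samples are shortened and their indentation is invented, because the archived message does not show the original file's leading whitespace.

```python
import re

# RFC 2849: an attribute description is followed directly by ':' (no space before it).
ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*):")

def unfold(text):
    """Join folded lines: a physical line starting with one space continues the previous."""
    logical = []  # each item: [first line number, joined text, physical line count]
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and logical:
            logical[-1][1] += raw[1:]  # drop exactly one leading space
            logical[-1][2] += 1
        else:
            logical.append([lineno, raw, 1])
    return logical

def lint_schema_ldif(text):
    """Return (line number, message) findings for a single-entry schema LDIF file."""
    findings = []
    seen_dn = False
    for lineno, line, parts in unfold(text):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments carry no attribute
        m = ATTR_LINE.match(line)
        if not m:
            findings.append((lineno, "not in 'name: value' form"))
        elif m.group(1).lower() == "dn":
            seen_dn = True
            if parts > 1:  # indented lines after dn: became part of the DN
                findings.append((lineno, "dn line absorbs %d indented line(s)" % (parts - 1)))
        elif not seen_dn:
            findings.append((lineno, "attribute appears before any dn line"))
    return findings

# Constructed samples modelled on the posted file (shortened; indentation invented).
BROKEN = (
    "dn: cn=schema\n"
    "  attributetypes :( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' )\n"
    "attributetypes :( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' )\n"
)
CLEAN = (
    "dn: cn=schema\n"
    "attributetypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser'\n"
    "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\n"
)

if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("CLEAN", CLEAN)):
        print(name, lint_schema_ldif(sample))
```
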