On Mon, May 11, 2009 at 7:09 PM, Chris St. Pierre <stpierre at nebrwesleyan.edu > wrote: > On Mon, 11 May 2009, James Chavez wrote: > > Now If the uid is listed as Joe_Montana..and I login as Joe_Montana then >> the >> entry is recognized correctly by the sudo functions. >> If I login as joe_montana the sudo functions fail. >> Is there a way to force 389 to be case insensitive so that username or >> UIDs >> are recognized regardless of case? >> > > In the sudoers schema file > (/etc/dirsrv/slapd-<instance>/schema/60sudo.ldif), you'll note that > the sudoUser attribute has: > > EQUALITY caseExactIA5Match > SUBSTR caseExactIA5SubstringsMatch > > So do the sudoHost, sudoCommand, etc., attributes. If you want > case-insensitive matching, you should change that to: > > EQUALITY caseIgnoreIA5Match > SUBSTR caseIgnoreIA5SubstringsMatch > > And then restart the DS. > ++ Chris thanks for the reply. That helps...seems obvious now that you > pointed it to me. i appreciate it. > > Secondly it seems the Fedora 9 newkey updates repo is broken. I upgraded >> all >> of our installations to the newest packages 2 to 3 weeks ago and i am >> wondering if these are still the latest packages. >> >> fedora-ds-dsgw-1.1.1-1.fc9.i386 >> fedora-ds-console-1.2.0-1.fc9.noarch >> fedora-ds-base-1.2.0-4.fc9.i386 >> fedora-ds-1.1.3-1.fc9.noarch >> fedora-ds-admin-1.1.7-3.fc9.i386 >> fedora-ds-admin-console-1.1.3-1.fc9.noarch >> > > Yes, those are the latest packages. Note that the fedora-ds-base > package -- which has the important stuff -- and the fedora-ds-console > package -- which has the shiny GUI stuff -- are both at 1.2.0, the > latest version. FDS -- err, 389DS -- doesn't rev all of the package > versions to track the release version, so the fedora-ds package is > still at 1.1.3 while its requirements are at various other versions. > > Some nuts and bolts: fedora-ds is itself just a "meta-package" that > contains nothing; it just requires other packages. So the fedora-ds > package version really only needs to incremented if the requirements > change. Since they didn't, it's easier for the dev team to leave what > they can alone and only release new versions of packages that actually > have some changed code. > > Make sense? ++ Makes perfect sense, thanks a bunch, so i should be most concerned with the fedora-ds-base and fedora-ds-console packages for revision or version changes. I will definitely keep that in mind. Thanks again for the clarity. James > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20090511/9803071a/attachment.html
