Jared B. Griffith wrote:
> Has anyone managed sudoers via FDS here? I have been trying to create LDAP
> entries as mentioned here: http://www.gratisoft.us/sudo/readme_ldap.html
> Which FDS will not allow me to do, even though the schemas for SUDO are in
> the server. Is there a walkthrough, or is there anyone that is managing
> SUDO via FDS here successfully?

I have, but it was in 2006 and I have not documented it; this is what I remember from it:

I added 69sudoschema.ldif (see attached files) to the FDS and restarted it.
Then I converted the sudoers file with sudoers2ldif (and made some entries by hand).
For administration I have used phpldapadmin and the sudoers.xml template.

I used RHEL4 and had to compile a newer sudo (sudo-1.6.8p8-2.4.i686.rpm); the original one did not support LDAP. I took that version from Fedora Core X and enabled LDAP support from the spec file (see .patch file).

Regards,
Kimmo
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
Attachment:
sudoers2ldif
Description: Perl program
<template>
  <title>Sudo entry</title>
  <!-- <regexp>^o=.*,</regexp> -->
  <icon>images/tools.png</icon>
  <description>New sudo entry</description>
  <askcontainer>1</askcontainer>
  <rdn>cn</rdn>
  <visible>1</visible>
  <objectClasses>
    <objectClass id="top"></objectClass>
    <objectClass id="sudoRole"></objectClass>
  </objectClasses>
  <attributes>
    <attribute id="cn">
      <display>Sudo entry name</display>
      <description>cn</description>
      <hint>admins</hint>
      <order>1</order>
      <page>1</page>
      <value></value>
    </attribute>
    <attribute id="description">
      <display>Description</display>
      <description>description</description>
      <icon>images/document.png</icon>
      <hint></hint>
      <order>2</order>
      <page>1</page>
      <value></value>
    </attribute>
    <attribute id="sudoCommand">
      <display>Command(s) to be executed by sudo</display>
      <description>sudoCommand</description>
      <icon>images/object.png</icon>
      <hint>/bin/true</hint>
      <order>3</order>
      <page>1</page>
      <value></value>
    </attribute>
    <attribute id="sudoHost">
      <display>Host(s) who may run sudo</display>
      <description>sudoHost</description>
      <icon>images/host.png</icon>
      <hint>server1</hint>
      <order>4</order>
      <page>1</page>
      <value></value>
    </attribute>
    <attribute id="sudoUser">
      <display>User(s) who may run sudo</display>
      <description>sudoUser</description>
      <icon>images/user.png</icon>
      <hint>johndoe</hint>
      <order>5</order>
      <page>1</page>
      <value></value>
    </attribute>
    <attribute id="sudoRunAs">
      <display>User(s) impersonated by sudo</display>
      <description>sudoRunAs</description>
      <icon>images/uid.png</icon>
      <hint>jackdoe</hint>
      <order>6</order>
      <page>1</page>
      <value></value>
    </attribute>
    <attribute id="sudoOption">
      <display>Options(s) followed by sudo</display>
      <description>sudoOption</description>
      <icon>images/tools.png</icon>
      <hint>noexec</hint>
      <order>7</order>
      <page>1</page>
      <value></value>
    </attribute>
  </attributes>
</template>
--- sudo.spec~ 2005-12-16 12:31:28.000000000 +0200 +++ sudo.spec 2006-10-26 20:45:46.000000000 +0300 @@ -11,7 +11,7 @@ URL: http://www.courtesan.com/sudo/ BuildRoot: %{_tmppath}/%{name}-root Requires: /etc/pam.d/system-auth, vim-minimal -BuildRequires: pam-devel, groff +BuildRequires: pam-devel, groff, openldap-devel %if %{WITH_SELINUX} BuildRequires: libselinux-devel %endif @@ -68,6 +68,7 @@ --sbindir=%{_sbindir} \ --with-logging=syslog \ --with-logfac=authpriv \ + --with-ldap \ --with-pam \ --with-editor=/bin/vi \ --with-env-editor \
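Review bot: in the first hunk (@@ -11,7 +11,7 @@), openldap-devel is added to BuildRequires unconditionally, while the spec right below it already guards libselinux-devel with "%if %{WITH_SELINUX}". Mirroring that pattern with a WITH_LDAP build conditional would let the package be rebuilt without LDAP support (and without pulling the OpenLDAP client libraries onto every host) when only a local sudoers file is wanted.

Review bot: in the second hunk (@@ -68,6 +68,7 @@), "--with-ldap \" is likewise passed to configure unconditionally; if the WITH_LDAP conditional is adopted for the BuildRequires line, wrap this configure flag in the same "%if" so the two stay consistent, otherwise the build fails whenever the -devel package is absent.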
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
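Kimmo's reply describes converting a sudoers file with sudoers2ldif and loading the result into FDS once 69sudoschema.ldif is in place; the script itself is only attached, not reproduced. The Python below is an added example written for this page, not Kimmo's script and not code from sudo or FDS. It does the same conversion for a constructed sudoers fragment, using exactly the attribute names from the 69sudoschema.ldif above, and refuses to emit any entry that violates the sudoRole objectClass (missing cn, an attribute outside its MAY list, or an empty sudoUser/sudoHost/sudoCommand, which would be a dead role). Mapping NOPASSWD to "sudoOption: !authenticate" and collecting Defaults into a cn=defaults entry follow the readme_ldap scheme Jared linked. Assumptions: one spec per line, "#" always starts a comment, commas only separate list members, and the role names and the base DN ou=SUDOers,dc=example,dc=com are placeholders.

```python
"""Added example (not the thread's sudoers2ldif): convert a sudoers fragment into
sudoRole LDIF, checking each entry against the sudoRole objectClass posted above."""
import base64
import re

# MUST / MAY attributes of sudoRole, copied from the posted 69sudoschema.ldif.
SUDO_ROLE_MUST = {"cn"}
SUDO_ROLE_MAY = {"sudoUser", "sudoHost", "sudoCommand", "sudoRunAs", "sudoOption", "description"}
# Command tags and the sudoOption value sudo's LDAP scheme uses for each.
TAG_TO_OPTION = {"NOPASSWD": "!authenticate", "PASSWD": "authenticate", "NOEXEC": "noexec",
                 "EXEC": "!noexec", "SETENV": "setenv", "NOSETENV": "!setenv"}
# Constructed sample (assumptions: one spec per line, '#' starts a comment, no continuations).
SAMPLE_SUDOERS = """\
# constructed sample sudoers
Defaults    requiretty
User_Alias  ADMINS = alice, bob
Cmnd_Alias  SERVICES = /sbin/service, /usr/bin/systemctl
ADMINS      ALL = (root) NOPASSWD: SERVICES
%wheel      server1 = (ALL) ALL
carol       ALL = /usr/bin/less /var/log/messages
"""
ALIAS_RE = re.compile(r"(User_Alias|Host_Alias|Cmnd_Alias|Runas_Alias)\s+(\w+)\s*=\s*(.+)")
SPEC_RE = re.compile(r"(.+?)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)")  # users hosts = (runas) cmds

def _split(s):
    return [x.strip() for x in s.split(",") if x.strip()]

def _expand(items, alias_map):
    out = []
    for item in items:  # replace alias names with their members; aliases may nest
        out.extend(_expand(alias_map[item], alias_map) if item in alias_map else [item])
    return out

def parse_sudoers(text):
    """Return (defaults, roles); each role is a dict keyed by sudoRole attribute name."""
    aliases = {k: {} for k in ("User_Alias", "Host_Alias", "Cmnd_Alias", "Runas_Alias")}
    defaults, roles = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("Defaults"):
            defaults.extend(_split(line[len("Defaults"):]))
            continue
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)][m.group(2)] = _split(m.group(3))
            continue
        m = SPEC_RE.match(line)
        if not m:
            raise ValueError("unparsed sudoers line: %r" % raw)
        users, hosts, runas, cmds = m.groups()
        options = []
        while True:  # peel TAG: prefixes such as NOPASSWD: off the command list
            t = re.match(r"([A-Z]+):\s*(.*)", cmds)
            if not t or t.group(1) not in TAG_TO_OPTION:
                break
            options.append(TAG_TO_OPTION[t.group(1)])
            cmds = t.group(2)
        role = {"cn": "role%d" % (len(roles) + 1),  # constructed naming scheme
                "sudoUser": _expand(_split(users), aliases["User_Alias"]),
                "sudoHost": _expand(_split(hosts), aliases["Host_Alias"]),
                "sudoCommand": _expand(_split(cmds), aliases["Cmnd_Alias"])}
        if runas:
            role["sudoRunAs"] = _expand(_split(runas), aliases["Runas_Alias"])
        if options:
            role["sudoOption"] = options
        roles.append(role)
    return defaults, roles

def validate_role(role):
    """List the ways a role violates the sudoRole objectClass (empty list means OK)."""
    problems = ["missing MUST attribute: " + a for a in sorted(SUDO_ROLE_MUST - set(role))]
    problems += ["not allowed by sudoRole: " + a for a in sorted(set(role) - SUDO_ROLE_MUST - SUDO_ROLE_MAY)]
    if role.get("cn") != "defaults":  # the cn=defaults entry carries only sudoOption values
        problems += [a + " is empty, so the role can never match"
                     for a in ("sudoUser", "sudoHost", "sudoCommand") if not role.get(a)]
    return problems

def _ldif_line(attr, value):
    """Base64-encode values that RFC 2849 does not allow as a plain SAFE-STRING."""
    if value.isascii() and value.isprintable() and not value.startswith((" ", ":", "<")):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode()).decode())

def to_ldif(roles, base_dn, defaults=()):
    """Emit LDIF for the roles, preceded by a cn=defaults entry when defaults were given."""
    entries = ([{"cn": "defaults", "sudoOption": list(defaults)}] if defaults else []) + list(roles)
    out = []
    for role in entries:
        problems = validate_role(role)
        if problems:
            raise ValueError("%s: %s" % (role.get("cn"), "; ".join(problems)))
        out += ["dn: cn=%s,%s" % (role["cn"], base_dn), "objectClass: top",
                "objectClass: sudoRole", _ldif_line("cn", role["cn"])]
        for attr in ("sudoUser", "sudoHost", "sudoRunAs", "sudoCommand", "sudoOption", "description"):
            out += [_ldif_line(attr, v) for v in role.get(attr, [])]
        out.append("")
    return "\n".join(out)
```

Running parse_sudoers(SAMPLE_SUDOERS) and feeding the result to to_ldif gives one cn=defaults entry and three sudoRole entries ready for ldapadd once the schema is loaded. Before loading, it is worth grepping the output for "sudoCommand: ALL" and "sudoOption: !authenticate": those are the roles that deserve a second look, and they are far easier to spot in the flat LDIF than in a sudoers file full of aliases.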