Re: Sudo in directory server

"Kashif Ali" <snake007uk@xxxxxxxxx> · Mon, 1 Dec 2008 22:49:27 +0000

Hi,

I have wiki'd my sudo setup

http://wiki.unixcraft.com/display/MainPage/Sudo+in+Centos+Directory+Server

2008/12/1 Rich Megginson <rmeggins@xxxxxxxxxx>

Erling Ringen Elvsrud wrote:

I try to add the schema for sudoers from README.LDAP in

the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work best, but

get this problem when I restart directory server:

[root@testserver schema]# service dirsrv restart

Shutting down dirsrv:

    testserver...                                          [  OK  ]

Starting dirsrv:

    testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema

attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC

'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseE"

required attribute "objectclass" missing

The sudo schema is now in CVS HEAD and will be part of the next release of Fedora DS:

http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/schema/60sudo.ldif?revision=1.1&root=dirsec&view=markup

You can go ahead and download and use this file with any version of Fedora DS.

                                                           [  OK  ]

[root@testserver schema]# cat 99sudoers.ldif

dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME

'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match

SUBSTR caseE

xactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC

'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseEx

actIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC

'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match S

YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC

'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1

.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

  attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC

'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1

.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )

  objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top

STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sud

oHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )

Any help to get the schema for sudo correctly added is appreciated.

Thanks,

Erling

--

Fedora-directory-users mailing list

Fedora-directory-users@xxxxxxxxxx

https://www.redhat.com/mailman/listinfo/fedora-directory-users

--

Fedora-directory-users mailing list

Fedora-directory-users@xxxxxxxxxx

https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users