[Freeipa-devel] [PATCH] SUDO plugin support for external hosts and users

JR Aquino JR.Aquino at citrix.com
Wed Dec 15 19:28:52 UTC 2010


Attached is the patch to provide cli support for external hosts and users.

This is accomplished similarly to the netgroup plugin.

If the plugin is given a hostname/user that does not exist in the directory, the plugin will then assume that the user had intended for these objects to be inserted as 'external' entities. It accomplishes this in a post_callback.

Just like the netgroup plugin, this introduces a possible caveat where someone could mistype a user/host and have it inserted as an external entry, but the CLI attempts to reflect this in its output, clearly stating that an External User or External Host has been added.

Please review.

Here is a sample sudorule containing external entries:
*Contained herein are externaluser, externalhost, as well as sudorunas and sudorunasgroup*

dn: ipaUniqueID=8a9103b8-06cc-11e0-b481-8a3d259cb0b9,cn=sudorules,dc=example,dc=com
objectClass: ipaassociation
objectClass: ipasudorule
ipaEnabledFlag: TRUE
cn: tester
ipaUniqueID: 8a9103b8-06cc-11e0-b481-8a3d259cb0b9
ipaSudoRunAs: uid=admin,cn=users,cn=accounts,dc=example,dc=com
ipaSudoRunAsGroup: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
externalUser: testuser
externalHost: host1.example.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0009-SUDO-plugin-support-for-external-hosts-and-users.patch
Type: application/octet-stream
Size: 11637 bytes
Desc: freeipa-jraquino-0009-SUDO-plugin-support-for-external-hosts-and-users.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101215/9455a34d/attachment.obj>
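
Added example, not part of the original post or of the FreeIPA code: an audit for the mistyped-name caveat described in the message. It lists every externalUser/externalHost value found in sudo rule LDIF and flags those that closely resemble a name already in the directory. The sample LDIF (the rule above plus a constructed mistyped member "admn"), the KNOWN name lists, and the function names are assumptions.

```python
import difflib

# Constructed sample: the rule from the post plus one mistyped member ("admn").
SAMPLE_LDIF = """\
dn: ipaUniqueID=8a9103b8-06cc-11e0-b481-8a3d259cb0b9,cn=sudorules,dc=example,dc=com
objectClass: ipasudorule
cn: tester
externalUser: testuser
externalUser: admn
externalHost: host1.example.com
"""

# Constructed stand-ins for the user and host names that exist in the directory.
KNOWN = {
    "externaluser": ["admin", "jsmith"],
    "externalhost": ["ipa.example.com", "web1.example.com"],
}

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no base64, no line folding) into entries."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            # LDAP attribute names are case-insensitive, so normalise them.
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def audit_external(entries, known, cutoff=0.85):
    """Return (rule, attr, value, near_match) for every external member."""
    findings = []
    for e in entries:
        if "ipasudorule" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        rule = e.get("cn", ["?"])[0]
        for attr, names in known.items():
            for value in e.get(attr, []):
                close = difflib.get_close_matches(value.lower(), names, n=1, cutoff=cutoff)
                findings.append((rule, attr, value, close[0] if close else None))
    return findings

if __name__ == "__main__":
    print(*audit_external(parse_ldif(SAMPLE_LDIF), KNOWN), sep="\n")
```

A finding with a non-empty near match is the case to review by hand: the external entry is probably a typo for an existing directory object.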

