[Freeipa-devel] sudo schema

JR Aquino JR.Aquino at citrixonline.com
Thu Sep 23 18:58:12 UTC 2010


I believe there is an oversight in the schema for the ipaSudoCmdGrp object class.

The current listing has it using 'groupOfUniqueNames'...

I found that in this format, I could not actually assign a member to reference an ipaSudoCmd DN...

After some digging, it appears that the other 'group' objects in the schema are set to nestedGroup.

Swapping those values allowed me to add the member successfully.

< objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfUniqueNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )
---
> objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP nestedGroup MUST ( ipaUniqueID  ) STRUCTURAL X-ORIGIN 'IPA v2' )
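
Review bot: the replacement line changes SUP from groupOfUniqueNames to nestedGroup on the existing OID 2.16.840.1.113730.3.8.8.3, but nothing next to the change records why member could not be set under the old superior or what happens to entries already created with it; a sentence on both in the commit message would help. The new line also has a stray double space in "MUST ( ipaUniqueID  )", and the diff carries no file header, so resending it as a unified diff with the schema file path would make it easier to apply.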


Also, there appears to be a compatibility problem with the syntax for hostMask:
[23/Sep/2010:11:20:40 -0700] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [hostMask]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
T:  +1 805.690.3478
jr.aquino at citrixonline.com
http://www.citrixonline.com
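
The hostMask error quoted above is the server rejecting an IA5 matching rule on an attribute declared with the Directory String syntax. The following Python check is an added example, not part of the original message or of FreeIPA's code; it flags that kind of mismatch in attributeTypes lines. The sample definitions and their 2.999 OIDs are constructed placeholders, and the rule table is a subset taken from RFC 4517.

```python
import re

# Matching rule -> syntax OID it is defined for, per RFC 4517 (subset).
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"
IA5_STRING = "1.3.6.1.4.1.1466.115.121.1.26"
RULE_SYNTAX = {
    "caseIgnoreMatch": DIRECTORY_STRING,
    "caseExactMatch": DIRECTORY_STRING,
    "caseIgnoreIA5Match": IA5_STRING,
    "caseExactIA5Match": IA5_STRING,
}

NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*'([^']+)')")
EQUALITY_RE = re.compile(r"\bEQUALITY\s+([\w.-]+)")
SYNTAX_RE = re.compile(r"\bSYNTAX\s+([\d.]+)")  # ignores any {len} bound


def check_attribute_type(line):
    """Return a problem string for one attributeTypes line, or None if it is consistent."""
    if not line.lower().startswith("attributetypes:"):
        return None
    name = NAME_RE.search(line)
    eq = EQUALITY_RE.search(line)
    syn = SYNTAX_RE.search(line)
    if not (name and eq and syn):
        return None  # nothing to compare (e.g. syntax inherited via SUP)
    expected = RULE_SYNTAX.get(eq.group(1))
    if expected is None or expected == syn.group(1):
        return None  # rule not in the table, or rule and syntax agree
    return "%s: EQUALITY %s expects syntax %s, attribute declares %s" % (
        name.group(1) or name.group(2), eq.group(1), expected, syn.group(1))


def lint_schema(text):
    """Check every attributeTypes line in an LDIF schema file's text."""
    return [p for p in map(check_attribute_type, text.splitlines()) if p]


# Constructed sample: OIDs and surrounding fields are placeholders; only the
# rule/syntax pairing on the first line mirrors the logged error.
SAMPLE = """\
attributeTypes: (2.999.1 NAME 'hostMask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'example' )
attributeTypes: (2.999.2 NAME 'hostMaskIA5' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'example' )
attributeTypes: (2.999.3 NAME ( 'exampleText' 'exText' ) EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
"""

if __name__ == "__main__":
    for problem in lint_schema(SAMPLE):
        print(problem)
```

Running it over a schema file before loading that file into the directory server surfaces the mismatch without waiting for the error log.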



