<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/17/2014 01:05 PM, Herb Burnswell
wrote:<br>
</div>
<blockquote
cite="mid:CAOuzmw6L+oCspA7G+x9jrzQSpnr=gxjPHPRJJMEH8uVgSbBFtw@mail.gmail.com"
type="cite">
<div dir="ltr">Dimitry,
<div><br>
</div>
<div>Thank you for your response. I don't necessarily need to
do everything in a single query. I'm just interested in
understanding how to output the information I need and I can
adjust the queries accordingly. I.E. where is the information
saved: cn=sudoers, where sudo info is saved, etc.</div>
<div><br>
</div>
<div>For example; Does anyone know how I can do an ldapsearch to
output all the sudo rules in the format we would see in
/etc/sudoers file? I have to imagine that the rules are just
saved in the database to allow for sudo on the local systems
to read.</div>
</div>
</blockquote>
<br>
Hi,<br>
<br>
There is internal schema and external schema. The external one is
visible via ou=sudoers,...<br>
<br>
<br>
The overall design of SUDO support is here:<br>
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/FreeIPAv2:SUDO_integration_plans">http://www.freeipa.org/page/FreeIPAv2:SUDO_integration_plans</a><br>
The schema design is here:
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/FreeIPAv2:SUDO_Schema_Design">http://www.freeipa.org/page/FreeIPAv2:SUDO_Schema_Design</a><br>
<br>
<br>
Slides<br>
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf">http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf</a><br>
<br>
<br>
<blockquote
cite="mid:CAOuzmw6L+oCspA7G+x9jrzQSpnr=gxjPHPRJJMEH8uVgSbBFtw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>Herb</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Dec 16, 2014 at 11:31 AM, Herb
Burnswell <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:herbert.burnswell@gmail.com" target="_blank">herbert.burnswell@gmail.com</a>></span>
wrote:
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">All,
<div><br>
</div>
<div>We are running the following versions on RHEL 6.6:</div>
<div><br>
</div>
<div>ipa-server.x86_64 3.0.0-42.el6<br>
</div>
<div>389-ds.noarch 1.2.2-1.el6<br>
</div>
<div><br>
</div>
<div>I'm not very experienced with the ldapsearch and
would greatly appreciate some guidance. I'd like to run
some ldapsearch's that will return access information
for specific hosts. For example; I'd like to return
what users have access to 'host x' and what sudo rules
are available to these users.</div>
<div><br>
</div>
<div>Any assistance is appreciated.</div>
<div><br>
</div>
<div>TIA,</div>
<div><br>
</div>
<div>Herb</div>
<div><br>
</div>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>