[Fedora-directory-users] Sudo in directory server
Edward Capriolo
edlinuxguru at gmail.com
Thu Nov 27 14:32:37 UTC 2008
I think sudo provides a sample open ldap schema. The syntax is
slightly different
/etc/dirsrv/slapd-ldapslave1/schema/71sudo.ldif
dn: cn=schema
attributetypes :( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR
caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC
'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR
caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC
'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC
'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC
'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
objectclasses :( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top
STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost
$ sudoCommand $ sudoRunAs $ sudoOption $ description ) )
It would be interesting to find a tool to convert schema from open
LDAP to FDS format since this comes up often.
More information about the Fedora-directory-users
mailing list