[Freeipa-users] Importing /etc/sudoers into IPA.

Genadi Postrilko genadipost at gmail.com
Sun Dec 28 09:04:42 UTC 2014 

Thanks you for the response.

The amount of rules is :
50+ Host_Alias
50+ User_Alias
10+ Runas_Alias
450+ Cmnd_Alias

The user/groups --> command mapping itself is about 50 more rules.

2014-12-27 23:28 GMT+02:00 Rob Crittenden <rcritten at redhat.com>:

> Genadi Postrilko wrote:
> > I'm not sure i understand what you mean.
>
> IPA uses its own schema for sudo so the script will not work. I haven't
> looked at it so don't know what amount of effort would be needed to make
> it work.
>
> You can create the sudo commands and rules but in order to associate
> user and groups with the rules they will need to exist.
>
> How many rules are we talking about?
>
> rob
>
> >
> > 2014-12-22 22:50 GMT+02:00 Craig White <CWhite at skytouchtechnology.com
> > <mailto:CWhite at skytouchtechnology.com>>:
> >
> >     I would not recommend that path with FreeIPA.____
> >
> >     __ __
> >
> >     This is clearly the way to go with FreeIPA____
> >
> >     __ __
> >
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/sudo.html____
> >
> >     __ __
> >
> >     Craig White____
> >
> >     System Administrator____
> >
> >     O623-201-8179   M602-377-9752____
> >
> >     __ __
> >
> >     cid:image001.png at 01CF86FE.42D51630____
> >
> >     __ __
> >
> >     SkyTouch Technology     4225 E. Windrose Dr.     Phoenix, AZ
> 85032____
> >
> >     __ __
> >
> >     *From:*freeipa-users-bounces at redhat.com
> >     <mailto:freeipa-users-bounces at redhat.com>
> >     [mailto:freeipa-users-bounces at redhat.com
> >     <mailto:freeipa-users-bounces at redhat.com>] *On Behalf Of *Genadi
> >     Postrilko
> >     *Sent:* Monday, December 22, 2014 1:38 PM
> >     *To:* freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> >     *Subject:* [Freeipa-users] Importing /etc/sudoers into IPA.____
> >
> >     __ __
> >
> >     Hello All.____
> >
> >     __ __
> >
> >     I'm planning to migrate the /etc/sudoers into the IPA.____
> >
> >     I have read that sudoers2ldif should be used to import /etc/sudoers
> >     into LDAP.____
> >
> >     http://www.sudo.ws/sudo/readme_ldap.html ____
> >
> >     The script will work as is? or changes should be add?____
> >
> >     Should the users and group mentioned in sudoers be created
> >     beforehand?____
> >
> >     __ __
> >
> >     Thanks,____
> >
> >     Genadi.____
> >
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141228/dafeb6f9/attachment.htm>

More information about the Freeipa-users mailing list