[Freeipa-users] Importing /etc/sudoers into IPA.
Genadi Postrilko
genadipost at gmail.com
Sun Dec 28 09:04:42 UTC 2014
Thanks you for the response.
The amount of rules is :
50+ Host_Alias
50+ User_Alias
10+ Runas_Alias
450+ Cmnd_Alias
The user/groups --> command mapping itself is about 50 more rules.
2014-12-27 23:28 GMT+02:00 Rob Crittenden <rcritten at redhat.com>:
> Genadi Postrilko wrote:
> > I'm not sure i understand what you mean.
>
> IPA uses its own schema for sudo so the script will not work. I haven't
> looked at it so don't know what amount of effort would be needed to make
> it work.
>
> You can create the sudo commands and rules but in order to associate
> user and groups with the rules they will need to exist.
>
> How many rules are we talking about?
>
> rob
>
> >
> > 2014-12-22 22:50 GMT+02:00 Craig White <CWhite at skytouchtechnology.com
> > <mailto:CWhite at skytouchtechnology.com>>:
> >
> > I would not recommend that path with FreeIPA.____
> >
> > __ __
> >
> > This is clearly the way to go with FreeIPA____
> >
> > __ __
> >
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/sudo.html____
> >
> > __ __
> >
> > Craig White____
> >
> > System Administrator____
> >
> > O623-201-8179 M602-377-9752____
> >
> > __ __
> >
> > cid:image001.png at 01CF86FE.42D51630____
> >
> > __ __
> >
> > SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ
> 85032____
> >
> > __ __
> >
> > *From:*freeipa-users-bounces at redhat.com
> > <mailto:freeipa-users-bounces at redhat.com>
> > [mailto:freeipa-users-bounces at redhat.com
> > <mailto:freeipa-users-bounces at redhat.com>] *On Behalf Of *Genadi
> > Postrilko
> > *Sent:* Monday, December 22, 2014 1:38 PM
> > *To:* freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> > *Subject:* [Freeipa-users] Importing /etc/sudoers into IPA.____
> >
> > __ __
> >
> > Hello All.____
> >
> > __ __
> >
> > I'm planning to migrate the /etc/sudoers into the IPA.____
> >
> > I have read that sudoers2ldif should be used to import /etc/sudoers
> > into LDAP.____
> >
> > http://www.sudo.ws/sudo/readme_ldap.html ____
> >
> > The script will work as is? or changes should be add?____
> >
> > Should the users and group mentioned in sudoers be created
> > beforehand?____
> >
> > __ __
> >
> > Thanks,____
> >
> > Genadi.____
> >
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141228/dafeb6f9/attachment.htm>
More information about the Freeipa-users
mailing list