[Freeipa-users] Wildcards in sudo external hostnames
Prashant Bapat
prashant at apigee.com
Fri Feb 19 05:57:16 UTC 2016
Hi,
I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.
I'm thinking of moving sudo rules to IPA and with *ou=sudoers* and
sudo-ldap this works.
In our setup we have a lot of rules with wildcard matching for sudo
hostnames. For example, webserver*, dbserver*, etc.
In the IPA UI, when I try to add a hostname with the wildcard (*) character I get
an error from the UI: * is not an allowed character.
Looks like the UI is trying to validate the hostname using
validate_dns_label in ipa/util.py and obviously * is not one of the allowed
chars.
Taking a look at the documentation of sudo, wildcards are pretty widely
used. More info here:
https://www.sudo.ws/man/1.8.15/sudoers.man.html#x57696c646361726473
Other than editing the LDAP schema outside of IPA (this will work), what are
the other options to solve this?
Thanks.
--Prashant
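
An added illustration of the mismatch described in this message (not part of the original post, and not FreeIPA or sudo code): a simplified DNS-label check rejects `webserver*`, while shell-style matching expands it against a host list, which is worth reviewing before moving wildcard rules into LDAP. The label regex, the function names and the inventory are assumptions constructed for the example; Python's `fnmatch` stands in for sudo's own matcher.

```python
import re
from fnmatch import fnmatchcase

# Simplified RFC 1123 label check. Assumption for illustration only;
# this is not FreeIPA's validate_dns_label.
_LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)


def is_dns_label(label):
    """True if the value is a plain DNS label (no wildcard characters)."""
    return _LABEL_RE.fullmatch(label) is not None


def is_wildcard(value):
    """True if the value contains shell-style glob metacharacters."""
    return any(ch in value for ch in "*?[")


def expand_sudo_host(pattern, inventory):
    """Return the inventory hosts a sudoHost value would cover.

    Matching is case-insensitive and is tried against both the full
    name and the short name (first label). This approximates glob
    matching with Python's fnmatch, not sudo's own implementation.
    """
    if pattern == "ALL":
        return sorted(inventory)
    pat = pattern.lower()
    matched = []
    for host in inventory:
        name = host.lower()
        if fnmatchcase(name, pat) or fnmatchcase(name.split(".")[0], pat):
            matched.append(host)
    return sorted(matched)


# Constructed sample inventory (not from the original post).
INVENTORY = [
    "webserver01.example.com",
    "webserver02.example.com",
    "webserver-staging.example.com",
    "dbserver01.example.com",
    "mail01.example.com",
]

if __name__ == "__main__":
    for value in ("webserver*", "dbserver*", "mail01"):
        print(value, "label-valid:", is_dns_label(value),
              "wildcard:", is_wildcard(value),
              "covers:", expand_sudo_host(value, INVENTORY))
```

Running the expansion over the real host list before migration shows every machine a pattern grants sudo on, including ones such as a staging host that share the prefix.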