FW: Ldif format

Galen Johnson Galen.Johnson at sas.com
Sat May 22 15:17:20 EDT 2004


Hey Aaron,

I tried to take this offlist but I guess it never made it that far.  However, upon further reflection I believe others may find your answer of use.  I haven't grabbed the 1.6.8b1 release yet but in the cvs version there was a placeholder in the readme to put an example.  I'm sure this example could easily be made more complicated and it might be useful to do so and use the results for your example.

=G=


-----Original Message-----
From: Galen Johnson
Sent: Wed 5/19/2004 12:53 PM
To: Aaron Spangler
Subject: Ldif format
 
Hey Aaron,

By any chance would you have an example of what a correct ldif would look like?  I'm not entirely convinced the output I'm getting from sudoers2ldif is even remotely correct (I see no sudoOptions anywhere).

It would be very helpful to see what one would expect from a sudoers file similar to the following:

# Host alias specification
Host_Alias	UNIXSERVERS = unxsrv01, unxsrv02, unxsrv03, unxsrv04, unxsrv05
Host_Alias	LINUXSERVERS = lnxsrv01, lnxsrv02

# User alias specification
User_Alias	ADMINS = admin1, admin2, admin3, admin4, admin5
User_Alias	POWERUSERS = pwusr1, pwusr2, pwusr3, pwusr4, pwusr5

# Runas alias specification
Runas_Alias	ADM = ra_user1
Runas_Alias	ADMPLUS = ra_user1, ra_user2

# Cmnd alias specification
Cmnd_Alias	SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
                        /usr/local/bin/tcsh, /usr/bin/rsh, \
                        /usr/local/bin/zsh
Cmnd_Alias	EDITORS = /usr/bin/vi, /usr/bin/view, /usr/local/bin/nedit, /usr/local/bin/less, /usr/local/bin/emacs, \
                        /bin/more, /usr/local/bin/vim, /usr/local/bin/view
Cmnd_Alias	SUCOM = /usr/bin/dump, /usr/bin/shutdown

# Defaults specification
Defaults	!root_sudo, ignore_local_sudoers, always_set_home, passprompt="Your password: ", \
		mail_no_perms, mail_no_host, runas_default=adm, mail_no_user, \
		!set_logname, syslog=local2, mailto="root at domain.com"

# User privilege specification
ADMINS	LINUXSERVERS, UNIXSERVERS=(ADMPLUS) ALL, NOEXEC:EDITORS, !SHELLS, NOPASSWD:SUCOM
SAS	UNIXSERVERS = (ADM) ALL, !SHELLS

Knowing exactly what I could expect (or rather sudo expects of the LDAP entity) I believe I can easily adapt the sudoers2ldif script to accomplish this.

=G=

Galen Johnson; SCSA, CCNA 
Systems Administrator
ASP Market Development 
SAS 
919-531-9223

QOTD:
Leaders have to lead-they have to act in the very clear self-interest of their companies and their customers. Sure it's a good idea to be aware of such entanglements and to give some thought to how they might play out, but don't let that awareness spread to fixation. Because if we allow ourselves to drift into paralysis over something like what might happen, we'll miss market opportunities, slow the pace of innovation and transformation, and give competitors a break that they surely haven't earned,
         -Randy Mott, Dell's CIO speaking about the SCO/Linux lawsuit
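As an added illustration (not Galen's sudoers2ldif output and not sudo's own script), the following Python renders the aliases, Defaults line and user specifications from the message above as sudo-ldap style LDIF. It assumes the suffix ou=SUDOers,dc=example,dc=com, a constructed mailto address in place of the one in the message, and that a per-command tag (NOPASSWD:, NOEXEC:) is turned into a separate sudoRole carrying the matching sudoOption, since sudoOption applies to a whole role rather than to one command.

```python
BASE_DN = "ou=SUDOers,dc=example,dc=com"  # assumed LDAP suffix, not from the message
# Alias tables transcribed from the sudoers snippet in the message (constructed input).
HOST_ALIAS = {"UNIXSERVERS": [f"unxsrv0{i}" for i in range(1, 6)], "LINUXSERVERS": ["lnxsrv01", "lnxsrv02"]}
USER_ALIAS = {"ADMINS": [f"admin{i}" for i in range(1, 6)]}
RUNAS_ALIAS = {"ADM": ["ra_user1"], "ADMPLUS": ["ra_user1", "ra_user2"]}
CMND_ALIAS = {
    "SHELLS": ["/usr/bin/sh", "/usr/bin/csh", "/usr/bin/ksh", "/usr/local/bin/tcsh", "/usr/bin/rsh", "/usr/local/bin/zsh"],
    "EDITORS": ["/usr/bin/vi", "/usr/bin/view", "/usr/local/bin/nedit", "/usr/local/bin/less",
                "/usr/local/bin/emacs", "/bin/more", "/usr/local/bin/vim", "/usr/local/bin/view"],
    "SUCOM": ["/usr/bin/dump", "/usr/bin/shutdown"]}
TAG_OPTION = {"NOPASSWD": "!authenticate", "NOEXEC": "noexec"}  # sudoers tags have no per-command form in LDAP

def expand(names, aliases):
    """Resolve alias names to their members; a leading '!' (negation) is kept on every member."""
    out = []
    for n in names:
        neg, bare = n.startswith("!"), n.lstrip("!")
        out += [("!" if neg else "") + m for m in aliases.get(bare, [bare])]
    return out

def sudo_role(cn, users=(), hosts=(), runas=(), cmnds=(), options=()):
    """Render one sudoRole entry. sudo-ldap has no aliases, so they are expanded into literal values;
    sudoRunAs is the attribute of this era (later sudo releases use sudoRunAsUser)."""
    lines = [f"dn: cn={cn},{BASE_DN}", "objectClass: top", "objectClass: sudoRole", f"cn: {cn}"]
    for attr, values in (("sudoUser", expand(users, USER_ALIAS)), ("sudoHost", expand(hosts, HOST_ALIAS)),
                         ("sudoRunAs", expand(runas, RUNAS_ALIAS)), ("sudoCommand", expand(cmnds, CMND_ALIAS)),
                         ("sudoOption", options)):
        lines += [f"{attr}: {v}" for v in values]
    return "\n".join(lines) + "\n"

def user_spec(cn, users, hosts, runas, tagged_cmnds):
    """Split one user specification into a sudoRole per tag group, so that !authenticate (NOPASSWD)
    or noexec (NOEXEC) is never attached to commands the sudoers line left untagged."""
    groups = {}
    for tag, cmnd in tagged_cmnds:
        groups.setdefault(tag, []).append(cmnd)
    return [sudo_role(cn if tag is None else f"{cn}_{tag.lower()}", users, hosts, runas, cmnds,
                      [TAG_OPTION[tag]] if tag else ())
            for tag, cmnds in groups.items()]

def convert():
    """LDIF for the Defaults line (cn=defaults) and the two user specifications in the message."""
    entries = [sudo_role("defaults", options=[  # option strings are passed through as sudoers spells them
        "!root_sudo", "ignore_local_sudoers", "always_set_home", 'passprompt="Your password: "', "mail_no_perms",
        "mail_no_host", "runas_default=adm", "mail_no_user", "!set_logname", "syslog=local2",
        "mailto=root@example.com"])]  # constructed placeholder address
    entries += user_spec("ADMINS", ["ADMINS"], ["LINUXSERVERS", "UNIXSERVERS"], ["ADMPLUS"],
                         [(None, "ALL"), ("NOEXEC", "EDITORS"), (None, "!SHELLS"), ("NOPASSWD", "SUCOM")])
    entries += user_spec("SAS", ["SAS"], ["UNIXSERVERS"], ["ADM"], [(None, "ALL"), (None, "!SHELLS")])
    return "\n".join(entries)
```

A negated sudoCommand only restricts the role it sits in, so when a user specification is split this way each resulting role needs its own negations if its commands overlap with the excluded ones.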
