FW: Ldif format
Galen Johnson
Galen.Johnson at sas.com
Sat May 22 15:17:20 EDT 2004
Hey Aaron,
I tried to take this offlist but I guess it never made it that far. However, upon further reflection I believe others may find your answer of use. I haven't grabbed the 1.6.8b1 release yet but in the cvs version there was a placeholder in the readme to put an example. I'm sure this example could easily be made more complicated and it might be useful to do so and use the results for your example.
=G=
-----Original Message-----
From: Galen Johnson
Sent: Wed 5/19/2004 12:53 PM
To: Aaron Spangler
Subject: Ldif format
Hey Aaron,
By any chance would you have an example of what a correct ldif would look like? I'm not entirely convinced the output I'm getting from sudoers2ldif is even remotely correct (I see no sudoOptions anywhere).
It would be very helpful to see what one would expect from a sudoers file similar to the following:
# Host alias specification
Host_Alias UNIXSERVERS = unxsrv01, unxsrv02, unxsrv03, unxsrv04, unxsrv05
Host_Alias LINUXSERVERS = lnxsrv01, lnxsrv02
# User alias specification
User_Alias ADMINS = admin1, admin2, admin3, admin4, admin5
User_Alias POWERUSERS = pwusr1, pwusr2, pwusr3, pwusr4, pwusr5
# Runas alias specification
Runas_Alias ADM = ra_user1
Runas_Alias ADMPLUS = ra_user1, ra_user2
# Cmnd alias specification
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
                    /usr/local/bin/tcsh, /usr/bin/rsh, \
                    /usr/local/bin/zsh
Cmnd_Alias EDITORS = /usr/bin/vi, /usr/bin/view, /usr/local/bin/nedit, /usr/local/bin/less, /usr/local/bin/emacs, \
                     /bin/more, /usr/local/bin/vim, /usr/local/bin/view
Cmnd_Alias SUCOM = /usr/bin/dump, /usr/bin/shutdown
# Defaults specification
Defaults !root_sudo, ignore_local_sudoers, always_set_home, passprompt="Your password: ", \
         mail_no_perms, mail_no_host, runas_default=adm, mail_no_user, \
         !set_logname, syslog=local2, mailto="root@domain.com"
# User privilege specification
ADMINS LINUXSERVERS, UNIXSERVERS=(ADMPLUS) ALL, NOEXEC:EDITORS, !SHELLS, NOPASSWD:SUCOM
SAS UNIXSERVERS = (ADM) ALL, !SHELLS
Knowing exactly what I could expect (or rather sudo expects of the LDAP entity) I believe I can easily adapt the sudoers2ldif script to accomplish this.
=G=
Galen Johnson; SCSA, CCNA
Systems Administrator
ASP Market Development
SAS
919-531-9223
QOTD:
Leaders have to lead-they have to act in the very clear self-interest of their companies and their customers. Sure it's a good idea to be aware of such entanglements and to give some thought to how they might play out, but don't let that awareness spread to fixation. Because if we allow ourselves to drift into paralysis over something like what might happen, we'll miss market opportunities, slow the pace of innovation and transformation, and give competitors a break that they surely haven't earned,
-Randy Mott, Dell's CIO speaking about the SCO/Linux lawsuit
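Added example, not part of the original message and not the sudoers2ldif script: it expands the aliases in a constructed subset of the sudoers file above (LDAP sudoRole entries have no aliases) and writes one sudoRole entry per untagged rule, plus a cn=defaults entry carrying the Defaults as sudoOption values. The base DN and the cn naming are assumptions; sudoRunAs is the run-as attribute of the sudo LDAP schema of that period.

```python
import re

# Constructed subset of the sudoers file in the post (continuations joined,
# quoted Defaults values and tagged commands left out).
SUDOERS = """\
Host_Alias UNIXSERVERS = unxsrv01, unxsrv02, unxsrv03, unxsrv04, unxsrv05
Runas_Alias ADM = ra_user1
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh
Defaults !root_sudo, ignore_local_sudoers, runas_default=adm, syslog=local2
SAS UNIXSERVERS = (ADM) ALL, !SHELLS
"""
BASE = "ou=SUDOers,dc=example,dc=com"  # assumed container DN, not from the post

def split_list(text):
    return [part.strip() for part in text.split(",")]

def expand(items, aliases):
    """Replace alias names by their members; a negated alias negates each member."""
    out = []
    for item in items:
        neg, name = ("!", item[1:]) if item.startswith("!") else ("", item)
        out += [neg + member for member in aliases.get(name, [name])]
    return out

def to_ldif(sudoers, base=BASE):
    aliases, entries = {}, []  # one alias namespace: assumes no name clashes
    for line in sudoers.splitlines():
        if m := re.match(r"\w+_Alias\s+(\w+)\s*=\s*(.+)", line):
            aliases[m[1]] = split_list(m[2])
        elif m := re.match(r"Defaults\s+(.+)", line):
            # Global Defaults become sudoOption values on the cn=defaults entry.
            entries.append(("defaults", [("sudoOption", o) for o in split_list(m[1])]))
        elif m := re.match(r"(\S+)\s+(.+?)\s*=\s*\((.+?)\)\s*(.+)", line):
            if ":" in m[4]:
                raise ValueError("tagged commands (NOPASSWD:, NOEXEC:) not handled")
            attrs = [("sudoUser", u) for u in expand([m[1]], aliases)]
            attrs += [("sudoHost", h) for h in expand(split_list(m[2]), aliases)]
            attrs += [("sudoRunAs", r) for r in expand(split_list(m[3]), aliases)]
            attrs += [("sudoCommand", c) for c in expand(split_list(m[4]), aliases)]
            entries.append((m[1], attrs))
    blocks = []
    for cn, attrs in entries:
        head = [f"dn: cn={cn},{base}", "objectClass: top",
                "objectClass: sudoRole", f"cn: {cn}"]
        blocks.append("\n".join(head + [f"{k}: {v}" for k, v in attrs]))
    return "\n\n".join(blocks) + "\n"

if __name__ == "__main__":
    print(to_ldif(SUDOERS))
```

Rules with per-command tags are rejected here because a sudoOption applies to the whole sudoRole entry, so a tagged rule such as the ADMINS line cannot be copied attribute for attribute.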