[sudo-users] Sudo + LDAP (Red Hat Directory Server)
Erling Ringen Elvsrud
erlingre at gmail.com
Mon Dec 1 02:30:46 EST 2008
Hello list,
I want to store sudoers in LDAP and have a Red Hat Directory Server.
I am trying to import the schema (iPlanet) described in README.LDAP (from the
sudo 1.6.8p12 SRPM file):
[root@testserver schema]# cat 99sudoers.ldif
dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME
'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match
SUBSTR caseExactIA5Substring
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC
'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR
caseExactIA5Substrings
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC
'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.
1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC
'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.
115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC
'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.
115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top
STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost
$ sudoComm
and $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
[root@testserver schema]# service dirsrv restart
Shutting down dirsrv:
testserver... [ OK ]
Starting dirsrv:
testserver...[01/Dec/2008:08:25:40 +0100] - Entry "cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR
caseExactIA5Substring" required attribute "objectclass" missing
[ OK ]
[root@testserver schema]#
Do you have any suggestions for where to start debugging?
Thanks,
Erling
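
A structural check for a schema file like the one shown above, as an added example (not part of the original message or of the sudo project). It applies the LDIF folding rule from RFC 2849, under which a continuation line must begin with a space, and flags a DN line that has absorbed a following schema attribute, which is the shape of the DN the server quotes in its error. The function name and both sample strings are constructed here, modeled on the first definition in the posted file.

```python
import re

ATTR_LINE = re.compile(r"^([A-Za-z][A-Za-z0-9;-]*):{1,2}\s*(.*)$")
SCHEMA_ATTRS = ("attributetypes", "objectclasses")

def lint_schema_ldif(text):
    """Return sorted (line_number, message) findings for a schema LDIF file."""
    findings, logical = [], []   # logical: [first_line, attr, unfolded value]
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw.startswith(" "):
            # RFC 2849 fold: one leading space continues the previous line.
            if logical:
                logical[-1][2] += raw[1:]
            else:
                findings.append((num, "continuation with nothing to continue"))
            continue
        m = ATTR_LINE.match(raw)
        if m:
            logical.append([num, m.group(1).lower(), m.group(2)])
        else:
            findings.append((num, "neither 'attr: value' nor a folded line"))
    for num, attr, value in logical:
        if attr == "dn" and any(a + ":" in value.lower() for a in SCHEMA_ATTRS):
            findings.append((num, "dn value contains a schema attribute"))
        # Ignore quoted strings such as DESC 'User(s) ...' when counting.
        bare = re.sub(r"'[^']*'", "", value)
        if bare.count("(") != bare.count(")"):
            findings.append((num, "unbalanced parentheses"))
    return sorted(findings)

# Constructed samples, modeled on the first definition in the posted file.
BROKEN = (
    "dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' "
    "DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match "
    "SUBSTR caseExactIA5Substring\n"
    "sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )\n"
)
FOLDED = (
    "dn: cn=schema\n"
    "attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' "
    "DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match\n"
    "  SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 "
    "X-ORIGIN 'SUDO' )\n"
)

if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("FOLDED", FOLDED)):
        print(name, lint_schema_ldif(sample) or "no findings")
```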