[sudo-users] sudo-ldap: Semantics of empty sudoRunAsUser and sudoRunAsGroup
Michael Ströder
michael at stroeder.com
Fri May 22 12:07:44 MDT 2015
HI!
Disclaimer: I did not check details myself yet.
I've been told by a colleague that semantics are different if attributes
sudoRunAsUser or sudoRunAsGroup are not present at all or contain a
zero-length string.
(Note that only LDAP syntax IA5String actually used allows a zero-length
string as attribute values. All other LDAP syntaxes do not allow that.)
Is that correct?
If yes, is there another sane value not colliding with user/group names etc.
handled semantically equal to a zero-length string?
Ciao, Michael.
More information about the sudo-users
mailing list