[sudo-users] Converting from sudoers to ldif

Todd C. Miller Todd.Miller at sudo.ws
Thu Feb 22 10:46:08 MST 2018


On Sun, 18 Feb 2018 16:20:43 -0700, "Todd C. Miller" wrote:

> I assume that for most people, converting from file-based sudoers
> to LDAP is a one-way process.  Sudo 1.8.23 will contain a cvtsudoers
> utility that takes a sudoers file for input and can convert to JSON,
> LDIF or sudoers for output.

I just committed a first draft of LDIF -> sudoers conversion support
to cvtsudoers, which will be included in sudo 1.8.23.

There are still areas for improvement such as reordering negated
entries to better match the sudoers.ldap semantics, creating user
and host aliases on the fly and comments in the generated file that
describe which sudoRole the line came from.

The output is not always beautiful but it appears to be correct.

 - todd

