[sudo-workers] sudo ldap: handle multiple roles with same name

Siem Korteweg Siem.Korteweg at qnh.nl
Wed Apr 28 07:13:56 EDT 2010


Hi,

sudoers2ldif assigns (as documented) the same dn to all entries for a single
user/group.
The following diff assigns unique dn's by adding a sequence number when a
user/group appears again in the input:

[root at centos53 sudo]# diff ./sudoers2ldif ./sudo-1.7.2p5/sudoers2ldif
26d25
< my %DN;                               # Hold index for each cn.
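Review bot: The diff was generated as 'diff ./sudoers2ldif ./sudo-1.7.2p5/sudoers2ldif', with the modified file first, so '26d25' shows the new 'my %DN;' declaration as a deletion and the patch applies backwards. Regenerate it as a unified diff with the sudo-1.7.2p5 copy as the first argument. The name %DN is also misleading, since by its own comment it holds a per-cn index rather than DNs; a name such as %cn_count would say what it stores.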
82,92c81
<       my $cn=$users[ 0 ];
<       if ( $DN{ $cn } )               # cn already processed?
<       {
<           $cn = sprintf( "%s_%d", $users[ 0 ], $DN{ $users[ 0 ] } );
<           $DN{ $users[0] } += 1;      # indicate next index for this cn
<       }
<       else
<       {
<           $DN{ $users[0] } = 1;       # indicate next index for this cn
<       }
<       print "dn: cn=$cn,$base\n";
---
>       print "dn: cn=$users[0],$base\n";
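Review bot: The suffixed name built in the if branch with sprintf( "%s_%d", ... ) is never recorded in %DN, so an input entry whose name is literally the generated form (for example a user 'x_1' after a repeated 'x') still produces two entries with the same dn, and the import fails again. Look the generated $cn up in %DN too, and keep incrementing until an unused name is found. The if/else can also collapse into a single post-increment of $DN{ $users[0] }, and the mixed '$users[ 0 ]' and '$users[0]' spacing should be made consistent.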
95c84
<       print "cn: $cn\n";
---
>       print "cn: $users[0]\n";

This is a crude approach. However, it avoids errors during the import.

regards,
Siem Korteweg


