Did you recompile sudo with the --with-ldap flag?
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com]On Behalf Of Sigurður Bjarnason
Sent: Thursday 8 May 2008 15:48
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Usermod
Thanks... I do, however, have the SUDO schema for LDAP already. But I can't seem to figure out
how to allow certain users to log in as other users.
Should I just allow the users to do su - ... but then they can log in as root also, right?
This is my sudo schema
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
Regards
Siggi
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of FAUCONNIER Valery AWL-IT
Sent: 7 May 2008 06:31
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Usermod
There is a schema for sudo entries; look at
http://fci.wikia.com/wiki/Setting_Up_A_Centralised_Authentication_Server_...
You have to modify the given schema to be compatible with FDS (a script exists to convert
the schema):
# cat 77sudo.ldif
#
################################################################################
#
dn: cn=schema
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.1
  NAME 'sudoUser'
  DESC 'User(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.2
  NAME 'sudoHost'
  DESC 'Host(s) who may run sudo'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.3
  NAME 'sudoCommand'
  DESC 'Command(s) to be executed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.4
  NAME 'sudoRunAs'
  DESC 'User(s) impersonated by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
attributeTypes: (
  1.3.6.1.4.1.15953.9.1.5
  NAME 'sudoOption'
  DESC 'Options(s) followed by sudo'
  EQUALITY caseExactIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  )
#
################################################################################
#
objectClasses: (
  1.3.6.1.4.1.15953.9.2.1
  NAME 'sudoRole'
  DESC 'Sudoer Entries'
  SUP top
  STRUCTURAL
  MUST ( cn )
  MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description )
  )
#
################################################################################
#
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com]On Behalf Of Sigurður Bjarnason
Sent: Monday 5 May 2008 18:33
To: Fedora-directory-users(a)redhat.com
Subject: [Fedora-directory-users] Usermod
Hi All
Is there any way of defining usermod with FDS?
Let's say that I am user "siggi" and I need to give him rights to log in as user
"test"; is that possible with FDS?
Regards
Siggi
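Added example, not part of the original thread and not code from sudo or FDS: a small Python audit over sudoRole entries that use the schema above. It lists every run-as grant outside an approved map, so a role letting siggi become test passes while a role with no sudoRunAs (which sudo runs as root) is flagged. The DNs, role names, and the function names parse_ldif and audit_runas are assumptions, and the sample LDIF is constructed.

```python
# Constructed sample (DNs and role names are assumptions), shaped like an ldapsearch export.
SAMPLE_LDIF = """\
dn: cn=siggi-as-test,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: siggi-as-test
sudoUser: siggi
sudoHost: ALL
sudoRunAs: test
sudoCommand: ALL

dn: cn=ops-shell,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: ops-shell
sudoUser: %ops
sudoHost: ALL
sudoCommand: /bin/bash
"""


def parse_ldif(text):
    """Return one {attribute (lowercased): [values]} dict per entry; base64 values are not decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # LDIF continuation line: drop the fold marker
        elif not raw.startswith("#"):     # skip comment lines
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line.strip():
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
        elif current:
            entries.append(current)
            current = {}
    return entries


def audit_runas(entries, allowed, default_runas="root"):
    """List (role cn, sudoUser, run-as target) grants that are missing from `allowed`."""
    findings = []
    roles = [e for e in entries if "sudorole" in (v.lower() for v in e.get("objectclass", []))]
    for entry in roles:
        for user in entry.get("sudouser", []):
            # No sudoRunAs on the role means sudo's default target, root.
            for target in entry.get("sudorunas") or [default_runas]:
                if target not in allowed.get(user, set()):
                    findings.append((entry["cn"][0], user, target))
    return findings


if __name__ == "__main__":
    print(audit_runas(parse_ldif(SAMPLE_LDIF), {"siggi": {"test"}}))
```

The first role is the least-privilege answer to the original question: siggi may become test, and nothing in it grants root.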