Issue 7931 - Add sudoers schema to OpenLDAP?
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.39
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2014-09-07 02:26 UTC by mike@flyn.org
Modified: 2014-12-05 19:55 UTC

Description mike@flyn.org 2014-09-07 02:26:17 UTC
Full_Name: W. Michael Petullo
Version: 2.4.39
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (24.161.95.149)


I would like to see the sudoers schema shipped with OpenLDAP: 

attributetype ( 1.3.6.1.4.1.15953.9.1.1
	NAME 'sudoUser'
	DESC 'User(s) who may  run sudo'
	EQUALITY caseExactIA5Match
	SUBSTR caseExactIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.2
	NAME 'sudoHost'
	DESC 'Host(s) who may run sudo'
	EQUALITY caseExactIA5Match
	SUBSTR caseExactIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.3
	NAME 'sudoCommand'
	DESC 'Command(s) to be executed by sudo'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.4
	NAME 'sudoRunAs'
	DESC 'User(s) impersonated by sudo'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.5
	NAME 'sudoOption'
	DESC 'Options(s) followed by sudo'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.6
	NAME 'sudoRunAsUser'
	DESC 'User(s) impersonated by sudo'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.7
	NAME 'sudoRunAsGroup'
	DESC 'Group(s) impersonated by sudo'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.8
	NAME 'sudoNotBefore'
	DESC 'Start of time interval for which the entry is valid'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

attributetype ( 1.3.6.1.4.1.15953.9.1.9
	NAME 'sudoNotAfter'
	DESC 'End of time interval for which the entry is valid'
	EQUALITY generalizedTimeMatch
	ORDERING generalizedTimeOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

attributeTypes ( 1.3.6.1.4.1.15953.9.1.10
	NAME 'sudoOrder'
	DESC 'an integer to order the sudoRole entries'
	EQUALITY integerMatch
	ORDERING integerOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
	DESC 'Sudoer Entries'
	MUST ( cn )
	MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
		sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $
		sudoOrder $ description )
	)
Comment 1 Michael Ströder 2014-09-08 10:41:40 UTC
mike@flyn.org wrote:
> I would like to see the sudoers schema shipped with OpenLDAP: 

Hmm, I have no clear opinion on this. But adding an app-specific schema file
means that it has to be updated each time the app developers change the schema.

Personally I prefer grabbing schema files from the source distribution file of
the application.

Ciao, Michael.
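
The maintenance concern raised in comment 1, as an added example that is not part of this thread or of OpenLDAP or sudo: a quote-aware parser for slapd.conf-style definitions that compares a bundled schema copy with the application's copy by OID. The function names and the stale BUNDLED copy are assumptions; the sample text is constructed by reflowing three definitions from the description.

```python
import re

def parse_schema(text):
    """Map OID -> (kind, name, body) for slapd.conf-style schema definitions."""
    defs = {}
    for m in re.finditer(r"(?im)^(attributetype|objectclass)\w*\s*\(", text):
        depth, quoted, i = 1, False, m.end()
        while depth and i < len(text):
            ch = text[i]
            if ch == "'":
                quoted = not quoted  # parens inside DESC 'User(s) ...' must not count
            elif not quoted:
                depth += (ch == "(") - (ch == ")")
            i += 1
        if depth:
            raise ValueError("unterminated definition at offset %d" % m.start())
        body = " ".join(text[m.end():i - 1].split())  # whitespace-insensitive compare
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", body)
        oid = body.split()[0]
        defs[oid] = (m.group(1).lower(), name.group(1) if name else oid, body)
    return defs

def schema_drift(bundled, upstream):
    """Return (missing, extra, changed) definition names, matched by OID."""
    old, new = parse_schema(bundled), parse_schema(upstream)
    missing = sorted(new[o][1] for o in new.keys() - old.keys())
    extra = sorted(old[o][1] for o in old.keys() - new.keys())
    changed = sorted(new[o][1] for o in new.keys() & old.keys() if new[o][2] != old[o][2])
    return missing, extra, changed

# Constructed inputs, reflowed from the schema in the description.
SUDO_USER = """attributetype ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser'
    DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
"""
SUDO_ORDER = """attributeTypes ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder'
    DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch
    ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
"""
SUDO_ROLE = """objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
    DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ %sdescription ) )
"""
UPSTREAM = SUDO_USER + SUDO_ORDER + SUDO_ROLE % "sudoOrder $ "  # application's copy
BUNDLED = SUDO_USER + SUDO_ROLE % ""  # hypothetical stale copy lacking sudoOrder

if __name__ == "__main__":
    print(schema_drift(BUNDLED, UPSTREAM))
```

A non-empty missing or changed list means the directory server is running with an older definition of sudoRole than the sudo clients expect.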

Comment 2 OpenLDAP project 2014-12-05 19:55:55 UTC
not ours
Comment 3 Howard Chu 2014-12-05 19:55:55 UTC
changed notes
changed state Open to Closed