[Freeipa-devel] sudo schema
Dmitri Pal
dpal at redhat.com
Thu Sep 23 21:08:53 UTC 2010
JR Aquino wrote:
> I believe there is an oversight in the schema for the ipaSudoCmdGrp object class.
>
> The current listing has it using 'groupOfUniqueNames...
>
> I found that in this format, I could not actually assign a member to reference an ipaSudoCmd DN...
>
> After some digging, it appears that the other 'group' objects in the schema are set to for nestedGroup
>
> Swapping those values allowed me to make the member adding successfully.
>
> < objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfUniqueNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )
> ---
>
>> objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP nestedGroup MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )
>>
>
>
> Also, there appears to be a compatibility problem with the syntax for hostMask:
> [23/Sep/2010:11:20:40 -0700] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [hostMask]
>
>
Investigating both issues. Stay tuned.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jr Aquino, GCIH | Information Security Specialist
> Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
> T: +1 805.690.3478
> jr.aquino at citrixonline.com<mailto:jr.aquino at citrixonline.com>
> http://www.citrixonline.com<http://www.citrixonline.com/>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list