mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 14:25:15 +00:00

Break schema out into separate files.

This commit is contained in:
Todd C. Miller
2007-06-22 00:35:19 +00:00
parent fd7a9af876
commit d8d7657c50
2 changed files with 23 additions and 78 deletions

@@ -137,14 +137,15 @@ LIB_OBJS = @LIBOBJS@ @ALLOCA@
VERSION = 1.7
DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
LICENSE Makefile.in PORTING README README.LDAP TODO \
TROUBLESHOOTING UPGRADE aclocal.m4 acsite.m4 aixcrypt.exp \
config.guess config.h.in config.sub configure configure.in \
def_data.in indent.pro install-sh ltmain.sh mkdefaults \
mkinstalldirs pathnames.h.in sample.pam sample.syslog.conf \
sample.sudoers sudo.cat sudo.man.in sudo.pod sudo.psf sudoers \
sudoers.cat sudoers.man.in sudoers.pod sudoers2ldif visudo.cat \
visudo.man.in visudo.pod auth/API
LICENSE Makefile.in PORTING README README.LDAP TODO \
TROUBLESHOOTING UPGRADE aclocal.m4 acsite.m4 aixcrypt.exp \
config.guess config.h.in config.sub configure configure.in \
def_data.in indent.pro install-sh ltmain.sh mkdefaults \
mkinstalldirs pathnames.h.in sample.pam sample.syslog.conf \
sample.sudoers schema.OpenLDAP schema.iPlanet sudo.cat \
sudo.man.in sudo.pod sudo.psf sudoers sudoers.cat \
sudoers.man.in sudoers.pod sudoers2ldif visudo.cat \
visudo.man.in visudo.pod auth/API
BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
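Review bot: schema.OpenLDAP and schema.iPlanet are added to DISTFILES only; the BINFILES list that begins in the trailing context line (`BINFILES= BUGS CHANGES ... sample.syslog.conf sample.sudoers \`) carries the other sample configuration files but, at least in the visible portion, not the new schema files, so a binary distribution would not ship the schema that README.LDAP now tells the administrator to copy into the server's schema directory. Consider adding both schema files to BINFILES as well, alongside sample.sudoers.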

@@ -94,19 +94,17 @@ Design Features
Build instructions
==================
The most simplest way to build sudo with LDAP support is to include the
'--with-ldap' option. I recommend including the '--with-pam' option on those
system with PAM so that if you decide to use LDAP for authentication, you won't
need to recompile sudo.
'--with-ldap' option.
$ ./configure --with-ldap --with-pam
$ ./configure --with-ldap
If your ldap libraries and headers are in a non standard place, you will need
to specify them at configure time.
If your ldap libraries and headers are in a non-standard place, you will need
to specify them at configure time. E.g.
$ ./configure --with-ldap=/usr/local/ldapsdk --with-pam
$ ./configure --with-ldap=/usr/local/ldapsdk
Sudo is tested against OpenLDAP's implementation. Other LDAP implementations
may require adding '-lldif' to SUDO_LIBS in the Makefile.
Sudo is developed using OpenLDAP. Other LDAP implementations may
require adding '-lldif' to SUDO_LIBS in the Makefile.
Your Mileage may vary. Please let Aaron Spangler <aaron@spangler.ods.org>
know what combinations worked best for your OS & LDAP Combinations so we can
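Review bot: the rewrite drops the reason for recommending `--with-pam` (that it avoids a recompile if LDAP is later used for authentication) without replacing it, so a reader who now builds with `--with-ldap` alone no longer learns that PAM is a separate configure-time decision. If the PAM advice is intentionally moved elsewhere, a one-line pointer here would keep the build section self-contained. Minor: `Sudo is developed using OpenLDAP` says less than the old `tested against OpenLDAP's implementation`; `developed and tested against OpenLDAP` would preserve that statement.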
@@ -118,69 +116,15 @@ HP-UX 11.23 (gcc3) Galen Johnson <Galen.Johnson@sas.com>
Schema Changes
==============
Add the following schema to your LDAP server so that it may contain sudoer
content. In OpenLDAP, simply place this into a new file and 'include' it
in your slapd.conf and restart slapd. For other LDAP servers, provide this
to your LDAP Administrator. Make sure to index the attribute 'sudoUser'.
#
# schema file for sudo
#
attributetype ( 1.3.6.1.4.1.15953.9.1.1
NAME 'sudoUser'
DESC 'User(s) who may run sudo'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.2
NAME 'sudoHost'
DESC 'Host(s) who may run sudo'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.3
NAME 'sudoCommand'
DESC 'Command(s) to be executed by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.4
NAME 'sudoRunAs'
DESC 'User(s) impersonated by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.5
NAME 'sudoOption'
DESC 'Options(s) followed by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
DESC 'Sudoer Entries'
MUST ( cn )
MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $
description )
)
#
# Same thing as above, but imports better into SunONE or iPlanet
# (remove any leading spaces and save to a seperate file)
#
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
Add the appropriate schema to your LDAP server so that it may contain
sudoers content.
For OpenLDAP, simply copy schema.OpenLDAP to the schema directory
(e.g. /etc/openldap/schema) and 'include' it in your slapd.conf and
restart slapd. For other LDAP servers, provide this to your LDAP
Administrator. Make sure to index the attribute 'sudoUser'.
For the SunONE or iPlanet LDAP server, use the schema.iPlanet file.
Importing /etc/sudoers to LDAP
==============================
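Review bot: the new text refers readers to schema.OpenLDAP and schema.iPlanet, but this commit touches only two existing files (Makefile.in and README.LDAP) and adds none, so after this change README.LDAP points at files that are not yet in the tree; the two schema files should land in the same commit so the README, DISTFILES and the tree stay consistent. Also, the removed iPlanet block was an LDIF entry (`dn: cn=schema`), which told the administrator it is loaded with an LDIF modify tool rather than included from a config file, while the new sentence `use the schema.iPlanet file` gives no indication of how it is applied; a short clause saying how to load it would keep that instruction. The `Make sure to index the attribute 'sudoUser'` advice is now attached to the "other LDAP servers" sentence only, but it applies to OpenLDAP too and reads better as its own sentence.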