Bug 713209

Summary: Sudo Schema is old and needs updating
Product: [Retired] 389
Reporter: Jr Aquino <jr.aquino>
Component: Schema
Assignee: Nathan Kinder <nkinder>
Status: CLOSED CURRENTRELEASE
QA Contact: Viktor Ashirov <vashirov>
Severity: high
Priority: unspecified
Version: 1.2.9
CC: amsharma, dpal, rmeggins
Hardware: All
OS: All
Doc Type: Bug Fix
Clone Of:
: 720459
Last Closed: 2015-12-07 16:58:20 UTC
Bug Blocks: 690318, 708096, 720459
Attachments:
Description: Current Sudo Schema; Flags: none
Description: Patch; Flags: nkinder: review?, rmeggins: review+

Description Jr Aquino 2011-06-14 16:37:06 UTC
Created attachment 504721: Current Sudo Schema

Description of problem:
The current schema for Sudo in 389ds is old and lacks attributes currently used by modern implementations of Sudo, particularly FreeIPA.

New Schema attached.

Comment 3 Nathan Kinder 2011-07-07 20:59:49 UTC
Created attachment 511796: Patch

Comment 4 Nathan Kinder 2011-07-07 21:20:03 UTC
Pushed to master.  Thanks to Rich for his review!

Counting objects: 17, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (9/9), 1.08 KiB, done.
Total 9 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   dfcc435..65553ca  master -> master

Comment 11 Amita Sharma 2011-09-26 08:08:25 UTC
[root@snmaptest schema]# grep -i RunAsUser /etc/dirsrv/slapd-M1/schema/*
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:  NAME 'sudoRunAsUser'
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:  MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $

[root@snmaptest schema]# grep -i sudoRunAsGroup /etc/dirsrv/slapd-M1/schema/*
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:  NAME 'sudoRunAsGroup'
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:        sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $

[root@snmaptest schema]# grep -i sudoNotBefore /etc/dirsrv/slapd-M1/schema/*
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:   NAME 'sudoNotBefore'
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:        sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $

[root@snmaptest schema]# grep -i sudoNotAfter /etc/dirsrv/slapd-M1/schema/*
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:  NAME 'sudoNotAfter'
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:        sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $

[root@snmaptest schema]# grep -i sudoOrder /etc/dirsrv/slapd-M1/schema/*
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:  NAME 'sudoOrder'
/etc/dirsrv/slapd-M1/schema/60sudo.ldif:        sudoOrder $ description )

Hence Verified.
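
The check from comment 11 written as a script, added here as an example that is not part of the bug report or the 389 project's code: it unfolds the LDIF continuation lines, then confirms each of the five attributes is both defined under attributeTypes and permitted by the sudoRole object class. The function names, the sample schema and its placeholder OIDs are constructed for illustration, and the object class name sudoRole is taken from the standard sudo LDAP schema rather than from this page.

```python
import re

# Attributes the verification in comment 11 looked for.
EXPECTED = ["sudoRunAsUser", "sudoRunAsGroup", "sudoNotBefore", "sudoNotAfter", "sudoOrder"]

# Constructed sample, not the real 60sudo.ldif. OIDs are placeholders. sudoOrder is
# defined but absent from the MAY list; sudoNotAfter is in MAY but never defined.
SAMPLE = """\
dn: cn=schema
attributeTypes: ( 1.1.1 NAME 'sudoRunAsUser' DESC 'constructed' )
attributeTypes: ( 1.1.2
  NAME 'sudoRunAsGroup' )
attributeTypes: ( 1.1.3 NAME 'sudoNotBefore' )
attributeTypes: ( 1.1.4 NAME 'sudoOrder' )
objectClasses: ( 1.1.9 NAME 'sudoRole' SUP top STRUCTURAL
  MUST ( cn )
  MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
        sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $
        description ) )
"""

def unfold(text):
    """Join LDIF continuation lines: a line starting with a space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # drop only the fold marker, keep the rest
        else:
            lines.append(raw)
    return lines

def names_of(value):
    """Return the lowercased NAME(s) of one schema definition."""
    m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", value)
    return [n.lower() for n in re.findall(r"'([^']+)'", m.group(1))] if m else []

def check_sudo_schema(text, expected=EXPECTED):
    """Return (undefined, not_allowed) for the expected attributes; both empty means OK."""
    defined, allowed = set(), set()
    for line in unfold(text):
        key, _, value = line.partition(":")
        if key.strip().lower() == "attributetypes":
            defined.update(names_of(value))
        elif key.strip().lower() == "objectclasses" and "sudorole" in names_of(value):
            # Collect every attribute listed after MUST or MAY in the sudoRole definition.
            for grp, single in re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))", value):
                allowed.update(a.strip().lower() for a in (grp or single).split("$") if a.strip())
    undefined = [a for a in expected if a.lower() not in defined]
    not_allowed = [a for a in expected if a.lower() not in allowed]
    return undefined, not_allowed
```

To run it against a server's schema, pass the contents of the instance's 60sudo.ldif to check_sudo_schema(); two empty lists mean all five attributes are defined and usable on sudoRole entries.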