I believe there is an oversight in the schema for the ipaSudoCmdGrp object class.
The current listing has it using 'groupOfUniqueNames'... I found that in this format, I could not actually assign a member to reference an ipaSudoCmd DN...

After some digging, it appears that the other 'group' objects in the schema are set to for nestedGroup. Swapping those values allowed me to make the member adding successfully.

< objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfUniqueNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' ) --- > objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA > object class to store groups of SUDO commands' SUP nestedGroup MUST ( > ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )

Also, there appears to be a compatibility problem with the syntax for hostMask:

[23/Sep/2010:11:20:40 -0700] attr_syntax_create - Error: the EQUALITY matching rule [caseIgnoreIA5Match] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [hostMask]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino, GCIH | Information Security Specialist
Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
[email protected]
http://www.citrixonline.com

_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
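
Review bot: on the ">" side of the objectClasses diff, SUP changes from groupOfUniqueNames to nestedGroup while the OID 2.16.840.1.113730.3.8.8.3 and the name ipaSudoCmdGrp stay the same, and nothing in the change says how ipaSudoCmdGrp entries already created under the old superior class are handled. Please state the upgrade path for existing entries, and since the definition of nestedGroup is not part of this diff, confirm that it permits the member attribute that the report says could not be set. The hostMask EQUALITY/syntax error quoted afterwards is not touched by this diff and needs its own change.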
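
The hostMask error quoted in the message reports an EQUALITY rule paired with a syntax it is not defined for. The check below is an added example, not part of the original post or of FreeIPA: it scans schema text for such pairs using the RFC 4517 rule-to-syntax pairing. The sample definitions and OID placeholders are constructed, and a directory server may accept more combinations than this strict table.

```python
import re

# RFC 4517 pairs each of these EQUALITY rules with one assertion syntax.
RULE_SYNTAX = {
    "caseIgnoreMatch": "1.3.6.1.4.1.1466.115.121.1.15",     # Directory String
    "caseExactMatch": "1.3.6.1.4.1.1466.115.121.1.15",
    "caseIgnoreIA5Match": "1.3.6.1.4.1.1466.115.121.1.26",  # IA5 String
    "caseExactIA5Match": "1.3.6.1.4.1.1466.115.121.1.26",
}

# Constructed sample. Only hostMask's name, EQUALITY rule and SYNTAX OID come
# from the log line in the message; the attribute OIDs are placeholders.
SAMPLE_SCHEMA = """\
attributeTypes: ( hostMask-oid-PLACEHOLDER NAME 'hostMask'
  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( example-oid-PLACEHOLDER NAME 'exampleAttr'
  EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""


def unfold(text):
    """Join LDIF continuation lines (newline plus one space) and split into lines."""
    return re.sub(r"\n ", "", text).splitlines()


def check_equality_rules(schema_text):
    """Return (attribute, rule, declared_syntax, expected_syntax) per mismatch."""
    findings = []
    for line in unfold(schema_text):
        if not line.lower().startswith("attributetypes:"):
            continue
        name = re.search(r"\bNAME\s+\(?\s*'([^']+)'", line)
        rule = re.search(r"\bEQUALITY\s+(\S+)", line)
        syntax = re.search(r"\bSYNTAX\s+'?([0-9.]+)", line)
        if not (name and rule and syntax):
            continue  # inherited syntax or no EQUALITY rule: nothing to compare
        expected = RULE_SYNTAX.get(rule.group(1))
        if expected and expected != syntax.group(1):
            findings.append((name.group(1), rule.group(1), syntax.group(1), expected))
    return findings


if __name__ == "__main__":
    for attr, rule, declared, expected in check_equality_rules(SAMPLE_SCHEMA):
        print(f"{attr}: {rule} expects {expected}, schema declares {declared}")
```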
