JR Aquino wrote: > I believe there is an oversight in the schema for the ipaSudoCmdGrp object > class. > > The current listing has it using 'groupOfUniqueNames... > > I found that in this format, I could not actually assign a member to > reference an ipaSudoCmd DN... > > After some digging, it appears that the other 'group' objects in the schema > are set to for nestedGroup > > Swapping those values allowed me to make the member adding successfully. > > < objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA > object class to store groups of SUDO commands' SUP groupOfUniqueNames MUST ( > ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' ) > --- > >> objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA >> object class to store groups of SUDO commands' SUP nestedGroup MUST ( >> ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' ) >> > > > Also, there appears to be a compatibility problem with the syntax for > hostMask: > [23/Sep/2010:11:20:40 -0700] attr_syntax_create - Error: the EQUALITY > matching rule [caseIgnoreIA5Match] is not compatible with the syntax > [1.3.6.1.4.1.1466.115.121.1.15] for the attribute [hostMask] > >
Investigating both issues. Stay tuned. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Jr Aquino, GCIH | Information Security Specialist > Citrix Online | 6500 Hollister Avenue | Goleta, CA 93117 > T: +1 805.690.3478 > jr.aqu...@citrixonline.com<mailto:jr.aqu...@citrixonline.com> > http://www.citrixonline.com<http://www.citrixonline.com/> > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > -- Thank you, Dmitri Pal Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel