On Wed, Dec 08, 2010 at 11:12:34PM +0000, JR Aquino wrote:
> I guess the piece that is still missing then is:
> 
> Instead of:
> 
> sudoHost: hostname.com
> 
> It should be:
> 
> sudoHost: +production <- which is the group assigned to the ipasudorule.

The memberHost "cn=prod,cn=hostgroups,cn=accounts,dc=example,dc=com" in
the rule is a hostgroup but not a netgroup, so I think it's doing the
right thing by resolving the group down to its members' names.

Nalin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to