Nalin Dahyabhai wrote:
> On Wed, Dec 08, 2010 at 11:12:34PM +0000, JR Aquino wrote:
>> I guess the piece that is still missing then is:
>> Instead of:
>> sudoHost: hostname.com
>> It should be:
>> sudoHost: +production <- which is the group assigned to the ipasudorule.
> The memberHost "cn=prod,cn=hostgroups,cn=accounts,dc=example,dc=com" in
> the rule is a hostgroup but not a netgroup, so I think it's doing the
> right thing by resolving the group down to its members' names.
Can we check that we are running with the same test data set?
In the data set that Nalin uses the sudo rule points to a host group so
according to the rules it gets expanded.
Have you implemented a capability to add a netgroup to the the
memberHost in the SUDO plugin?
If you make a netgroup a member of the SUDO rule the compat plugin will
do what you expect.
> Freeipa-devel mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-devel mailing list