Here is the final patch for sudorule external host and user support.
This patch also adds support for adding/removing IpaSudoOpt values. (We
somehow missed this till the last hour)

This addresses item #6 in ticket 570:
(This ticket is remarked as critical and has a note: This blocks

I have included modifications to the xmlrpc test to simplify

Please review and push.

On 12/15/10 11:28 AM, "JR Aquino" <> wrote:

>Attached is the patch to provide cli support for external hosts and users.
>This is accomplished similarly to the netgroup plugin.
>If the plugin is input with a hostname/user that does not exist in the
>directory, the plugin will then assume that the User had intended for
>these objects to be inserted as 'external' entities.  It accomplishes
>this in a post_callback.
>Just like the netgroup plugin, this introduces a possible caveat where
>someone could mistype a user/host and have it inserted as an external
>entry, but the CLI attempts to reflect this in its output clearly stating
>that an External User or External Host has been added.
>Please review.
>Here is a sample sudorule containing external entries:
>*Contained herein are externaluser, externalhost, as well as sudorunas
>and sudorunasgroup*
>objectClass: ipaassociation
>objectClass: ipasudorule
>ipaEnabledFlag: TRUE
>cn: tester
>ipaUniqueID: 8a9103b8-06cc-11e0-b481-8a3d259cb0b9
>ipaSudoRunAs: uid=admin,cn=users,cn=accounts,dc=example,dc=com
>ipaSudoRunAsGroup: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
>externalUser: testuser
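
The caveat raised in the quoted message, a mistyped user or host being stored as an external entry, can be audited after the fact. The following is an added example, not part of the original message or of the patch under review: it flags external values that closely resemble names already in the directory. The sample entries, the directory name sets, the use of an `externalHost` attribute alongside `externalUser`, the function names and the 0.85 similarity cutoff are all assumptions made for illustration.

```python
import difflib

# Constructed sample input: two sudorule entries in LDIF-like form.
SAMPLE_LDIF = """\
cn: tester
externalUser: testuser
externalHost: web01.exmaple.com

cn: backups
externalUser: nagios
externalHost: legacy.corp.test
"""

# Constructed directory contents (assumption): names that exist as real entries.
KNOWN = {
    "externaluser": {"admin", "testuser1", "jsmith"},
    "externalhost": {"web01.example.com", "db01.example.com"},
}

def parse_entries(text):
    """Split 'attr: value' blocks on blank lines; attrs lower-cased, multi-valued."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep:
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def suspect_externals(entries, known=KNOWN, cutoff=0.85):
    """Return (rule, attr, value, near_match) for externals that look like typos."""
    findings = []
    for entry in entries:
        rule = entry.get("cn", ["?"])[0]
        for attr, names in known.items():
            for value in entry.get(attr, []):
                close = difflib.get_close_matches(value.lower(), sorted(names), n=1, cutoff=cutoff)
                if close:
                    findings.append((rule, attr, value, close[0]))
    return findings

if __name__ == "__main__":
    for rule, attr, value, match in suspect_externals(parse_entries(SAMPLE_LDIF)):
        print(f"{rule}: {attr}={value!r} resembles directory entry {match!r}")
```

Genuinely external names such as `nagios` pass untouched; only values within the cutoff of an existing directory name are reported for a human to confirm.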
