Here is the final patch for sudorule external host and user support. This patch also adds support for adding/removing IpaSudoOpt values. (We somehow missed this till the last hour)
This addresses item #6 in ticket 570: (https://fedorahosted.org/freeipa/ticket/570)
(This ticket is remarked as critical and has a note: This blocks https://fedorahosted.org/freeipa/ticket/534.)

I have included modifications to the sudoplugin.py xmlrpc test to simplify review.

Please review and push.

On 12/15/10 11:28 AM, "JR Aquino" <jr.aqu...@citrix.com> wrote:

>Attached is the patch to provide cli support for external hosts and users.
>
>This is accomplished similarly to the netgroup plugin.
>
>If the plugin is input with a hostname/user that does not exist in the
>directory, the plugin will then assume that the User had intended for
>these objects to be inserted as 'external' entities. It accomplishes
>this in a post_callback.
>
>Just like the netgroup plugin, this introduces a possible caveat where
>someone could mistype a user/host and have it inserted as an external
>entry, but the CLI attempts to reflect this in its output clearly stating
>that an External User or External Host has been added.
>
>Please review.
>
>Here is a sample sudorule containing external entries:
>*Contained herein are, externaluser, externalhost, as well as sudorunas
>and sudorunasgroup*
>
>dn: ipaUniqueID=8a9103b8-06cc-11e0-b481-8a3d259cb0b9,cn=sudorules,dc=example,dc=com
>objectClass: ipaassociation
>objectClass: ipasudorule
>ipaEnabledFlag: TRUE
>cn: tester
>ipaUniqueID: 8a9103b8-06cc-11e0-b481-8a3d259cb0b9
>ipaSudoRunAs: uid=admin,cn=users,cn=accounts,dc=example,dc=com
>ipaSudoRunAsGroup: cn=admins,cn=groups,cn=accounts,dc=example,dc=com
>externalUser: testuser
>externalHost: host1.example.com
>
>_______________________________________________
>Freeipa-devel mailing list
>Freeipa-devel@redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-devel
Description: freeipa-jraquino-0009-2-SUDO-plugin-support-for-external-hosts-and-users.patch
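An added example, not part of the patch or of the FreeIPA code base: one way to audit for the mistyped-name caveat described in the message is to parse a sudorule entry and flag each externalUser/externalHost value that closely resembles a managed entry. The function names, the lists of known entries and the 0.8 similarity cutoff are assumptions made for illustration.

```python
import difflib

# Constructed sample: the sudorule entry quoted in the message, abridged.
SAMPLE_LDIF = """\
dn: ipaUniqueID=8a9103b8-06cc-11e0-b481-8a3d259cb0b9,cn=sudorules,dc=example,dc=com
objectClass: ipaassociation
objectClass: ipasudorule
ipaEnabledFlag: TRUE
cn: tester
externalUser: testuser
externalHost: host1.example.com
"""

EXTERNAL_ATTRS = {"externaluser": "user", "externalhost": "host"}


def parse_entry(ldif):
    """Parse one plain LDIF entry (no base64 values) into {attr: [values]}."""
    entry, last = {}, None
    for line in ldif.splitlines():
        if line.startswith(" ") and last:      # folded continuation line
            entry[last][-1] += line[1:]
            continue
        if ":" not in line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        last = attr.strip().lower()
        entry.setdefault(last, []).append(value.strip())
    return entry


def audit_external(entry, known, cutoff=0.8):
    """Return (kind, value, near_matches) for every external member.
    A non-empty near_matches list marks a probable typo of a managed entry."""
    findings = []
    for attr, kind in EXTERNAL_ATTRS.items():
        for value in entry.get(attr, []):
            near = difflib.get_close_matches(value.lower(), known[kind], n=3, cutoff=cutoff)
            findings.append((kind, value, near))
    return findings


if __name__ == "__main__":
    # Constructed directory contents (lowercase); a real audit would read these from LDAP.
    known = {"user": ["admin", "testuser2"], "host": ["ipa.example.com"]}
    for kind, value, near in audit_external(parse_entry(SAMPLE_LDIF), known):
        note = "possible typo of %s" % ", ".join(near) if near else "no similar managed entry"
        print("external %s %r: %s" % (kind, value, note))
```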