Hi, I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.
I'm thinking of moving sudo rules to IPA, and with *ou=sudoers* and sudo-ldap this works.

In our setup we have a lot of rules with wildcard matching for sudo hostnames, for example webserver*, dbserver* etc. In the IPA UI, when I try to add a hostname with the wildcard (*) char, I get an error from the UI: * is not an allowed char. It looks like the UI is trying to validate the hostname using validate_dns_label in ipa/util.py, and obviously * is not one of the allowed chars.

Taking a look at the sudo documentation, wildcards are pretty widely used. More info here: https://www.sudo.ws/man/1.8.15/sudoers.man.html#x57696c646361726473

Other than editing the LDAP schema outside of IPA (this will work), what are the other options to solve this?

Thanks.
--Prashant
