I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.

I'm thinking of moving sudo rules to IPA and with *ou=sudoers* and
sudo-ldap this works.

In our setup we have a lot of rules with wildcard matching for sudo
hostnames, for example webserver*, dbserver*, etc.

In the IPA UI, when I try to add the hostname with a wildcard (*) char I get
an error from the UI: * is not an allowed char.

Looks like the UI is trying to validate the hostname using
validate_dns_label in ipa/util.py and obviously * is not one of the allowed

Taking a look at the documentation of sudo, wildcards are pretty widely
used. More info here

Other than editing the LDAP schema outside of IPA (this will work), what are
the other options to solve this?
