Hi,

I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.

I'm thinking of moving sudo rules to IPA and with *ou=sudoers* and
sudo-ldap this works.

In our setup we have a lot of rules with wildcard matching for sudo
hostnames, for example webserver*, dbserver* etc.

In the IPA UI, when I try to add the hostname with a wildcard (*) char I get
an error from the UI: * is not an allowed char.

Looks like the UI is trying to validate the hostname using
validate_dns_label in ipa/util.py and obviously * is not one of the allowed
chars.

Taking a look at the documentation of sudo, wildcards are pretty widely
used. More info here:
https://www.sudo.ws/man/1.8.15/sudoers.man.html#x57696c646361726473

Other than editing the LDAP schema outside of IPA (this will work), what are
the other options to solve this?

Thanks.
--Prashant
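
The mismatch described in the post above, as an added example that is not part of the original message or FreeIPA's code: a strict DNS-label check rejects `webserver*`, while sudo treats it as a shell-style glob that covers every matching host. The label regex is an approximation written for this example (not FreeIPA's `validate_dns_label`), the inventory is constructed, and case-insensitive matching on short host names is an assumption.

```python
import fnmatch
import re

# Plain DNS label: letters, digits and hyphens, no leading or trailing hyphen.
# Approximation for this example only, not FreeIPA's validate_dns_label.
_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def is_strict_hostname(name):
    """True if every dot-separated label is a plain DNS label (so no '*')."""
    labels = name.rstrip(".").split(".")
    return all(bool(_LABEL_RE.match(label)) for label in labels)


def expand_sudo_host(pattern, inventory):
    """Hosts in the inventory that a glob-style sudoHost value would cover.

    Python's fnmatch stands in for the fnmatch(3) matching sudo documents for
    wildcards; the two agree for '*' and '?' patterns like the ones used here.
    """
    pat = pattern.lower()
    return sorted(h for h in inventory if fnmatch.fnmatchcase(h.lower(), pat))


def audit(patterns, inventory):
    """For each sudoHost value: does it pass strict validation, what does it cover?"""
    return {
        p: {
            "strict_hostname": is_strict_hostname(p),
            "matches": expand_sudo_host(p, inventory),
        }
        for p in patterns
    }


# Constructed host inventory and sudoHost values, for illustration only.
INVENTORY = ["webserver01", "webserver02", "webserver-staging",
             "dbserver01", "dbserver-backup", "mailserver01"]
PATTERNS = ["webserver*", "dbserver*", "dbserver01"]

if __name__ == "__main__":
    for pattern, result in audit(PATTERNS, INVENTORY).items():
        print(pattern, result)
```

Running the expansion against a real host inventory before a wildcard rule is stored shows which machines it grants sudo on, including hosts added later that happen to share the prefix.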