Re: [Freeipa-devel] Should we remove the reset button?

2010-10-24 Thread Dmitri Pal 
Adam Young wrote:
 http://www.useit.com/alertbox/2416.html

 Since we have line level undo (which he advocates) perhaps the reset
 button is not worth while.  Since the user can reload the page at
 will, there is a built in reset button already, and there slight risk
 of hitting the wrong button may in fact outweigh the value of putting
 the feature in place.

 ___
 Freeipa-devel mailing list
 Freeipa-devel@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-devel


Good point might be worth reevaluating.
Ben?

-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [Fwd: [freeipa] #402: SUDO command attribute should be case sensitive]

2010-10-24 Thread Dmitri Pal 
Dmitri Pal wrote:
 Simo Sorce wrote:
   
 On Wed, 20 Oct 2010 15:42:17 -0400
 Dmitri Pal d...@redhat.com wrote:

   
 
 Any suggestions what it should be?
 Should we create a new attribute or there is something handy to reuse?
 
   
 Probably makes sense to add a custom attribute, properly named.

   
 
 Ok I will propose one.
   

The attached patch should address the issue.
I did the change but I have not done the build so view this patch as a
proposal.


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From 34896a5f24a9fba8e3483b53a7b30c1bb737 Mon Sep 17 00:00:00 2001
From: Dmitri Pal d...@redhat.com
Date: Sun, 24 Oct 2010 22:37:27 -0400
Subject: [PATCH] [SUDO] 3. Changing command attr to be case sensitive

* Fixed comments
* Added attribute
* Fixed objectclass
---
 install/share/60sudo.ldif |8 +---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/install/share/60sudo.ldif b/install/share/60sudo.ldif
index d7080859be12abd7b1f27a5f9cbeebee44af8969..638f131ba7b2f50dd767f5ea958934d7564429a8 100644
--- a/install/share/60sudo.ldif
+++ b/install/share/60sudo.ldif
@@ -5,9 +5,9 @@ dn: cn=schema
 ## Attributes:  2.16.840.1.113730.3.8.7.x
 ## ObjectClasses:   2.16.840.1.113730.3.8.8.x
 ##
-## Attribute to store DN of a SUDO command or a group of SUDO commands
+## Attribute to store DN of an allowed SUDO command or a group of SUDO commands
 attributetypes: (2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Reference to a command or group of the commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
-## Attribute to store command category
+## Attribute to store DN of a prohibited SUDO command or a group of SUDO commands
 attributetypes: (2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of the commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
 ## Attribute to store command category
 attributeTypes: (2.16.840.1.113730.3.8.7.3 NAME 'cmdCategory' DESC 'Additional classification for commands' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
@@ -29,9 +29,11 @@ attributeTypes: (2.16.840.1.113730.3.8.7.10 NAME 'ipaSudoRunAsExtGroup' DESC 'Mu
 attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'ipaSudoRunAsGroupCategory' DESC 'Additional classification for groups' SUP userCategory X-ORIGIN 'IPA v2' )
 ## Attribute to store host mask
 attributeTypes: (2.16.840.1.113730.3.8.7.12 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+## Attribute to store sudo command
+attributeTypes: (2.16.840.1.113730.3.8.7.13 NAME 'sudoCmd' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactMatch ORDERING caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 ## Object class for SUDO rules
 objectClasses: (2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssociation STRUCTURAL MAY ( externalUser $ externalHost $ hostMask $ memberAllowCmd $ memberDenyCmd $ cmdCategory $ ipaSudoOpt $ ipaSudoRunAs $ ipaSudoRunAsExtUser $ ipaSudoRunAsUserCategory $ ipaSudoRunAsGroup $ ipaSudoRunAsExtGroup $ ipaSudoRunAsGroupCategory ) X-ORIGIN 'IPA v2' )
 ## Object class for SUDO commands
-objectClasses: (2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA object class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ cn ) MAY  ( memberOf $ description ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA object class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ sudoCmd ) MAY  ( memberOf $ description ) X-ORIGIN 'IPA v2' )
 ## Object class for groups of the SUDO commands
 objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )
-- 
1.5.5.6

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel