diff options
| author | Nalin Dahyabhai <nalin@redhat.com> | 2010-12-09 15:31:13 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-12-21 12:29:39 -0500 |
| commit | dd9615d18938cf30a5cc328c80386baea0c78234 (patch) | |
| tree | 25152c00717b73c756e7283bf53ccc9818d38084 | |
| parent | e0c8be0c4cdfa4b14c1ed4fd718f2e3c017a73b7 (diff) | |
| download | freeipa-dd9615d18938cf30a5cc328c80386baea0c78234.tar.gz freeipa-dd9615d18938cf30a5cc328c80386baea0c78234.tar.xz freeipa-dd9615d18938cf30a5cc328c80386baea0c78234.zip | |
sudo: treat mepOriginEntry hostgroups differently - if a hostgroup named by the memberHost attribute is not also a mepOriginEntry, proceed as before - if a hostgroup named by the memberHost attribute is also a mepOriginEntry, read its "cn" attribute, prepend a "+" to it, and call it done
| -rw-r--r-- | install/share/schema_compat.uldif | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index 0225adbf5..bfe645dc5 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -78,7 +78,8 @@ add:schema-compat-entry-attribute: 'sudoUser=%ifeq("userCategory","all","ALL","% add:schema-compat-entry-attribute: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' -add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(objectclass=ipaHostGroup)\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' +add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' +add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' add:schema-compat-entry-attribute: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' add:schema-compat-entry-attribute: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' |