sudorule: Allow using external groups as groups of runAsUsers

Adds a new attribute ipaSudoRunAsExtUserGroup and corresponding hooks sudorule plugin. https://fedorahosted.org/freeipa/ticket/4263 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
author: Tomas Babej <tbabej@redhat.com> 2014-05-14 13:09:28 +0200
committer: Petr Viktorin <pviktori@redhat.com> 2014-06-25 20:14:49 +0200
commit: 9304b649a32c57e80f53913d7fbdee92fd76a251 (patch)
tree: 7d87ea988f69bd644d7dd839ea7087f74e3dde32 /install/updates/10-schema_compat.update
parent: a228d7a3cb32b14ff24b47adb14d896d317f6312 (diff)
download: freeipa-9304b649a32c57e80f53913d7fbdee92fd76a251.tar.gz
freeipa-9304b649a32c57e80f53913d7fbdee92fd76a251.tar.xz
freeipa-9304b649a32c57e80f53913d7fbdee92fd76a251.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update
index c45734c55..6f0ed9080 100644
--- a/install/updates/10-schema_compat.update
+++ b/install/updates/10-schema_compat.update
@@ -4,6 +4,7 @@ replace: schema-compat-entry-attribute:'sudoRunAsGroup=%deref("ipaSudoRunAs","cn
 
 dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
 add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")'
+add:schema-compat-entry-attribute: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}'
 
 # Change padding for host and userCategory so the pad returns the same value
 # as the original, '' or -.
author	Tomas Babej <tbabej@redhat.com>	2014-05-14 13:09:28 +0200
committer	Petr Viktorin <pviktori@redhat.com>	2014-06-25 20:14:49 +0200
commit	9304b649a32c57e80f53913d7fbdee92fd76a251 (patch)
tree	7d87ea988f69bd644d7dd839ea7087f74e3dde32 /install/updates/10-schema_compat.update
parent	a228d7a3cb32b14ff24b47adb14d896d317f6312 (diff)
download	freeipa-9304b649a32c57e80f53913d7fbdee92fd76a251.tar.gz freeipa-9304b649a32c57e80f53913d7fbdee92fd76a251.tar.xz freeipa-9304b649a32c57e80f53913d7fbdee92fd76a251.zip