Collect memberof information for sudo commands.

We weren't searching the cn=sudo container so all members of a
sudocmdgroup looked indirect.

Add a label for sudo command groups.

Update the tests to include verifying that membership is done
properly.

ticket 1003

2 files changed, 7 insertions, 1 deletions

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 3cb72d7b..0581ea3a 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -65,6 +65,9 @@ global_output_params = (
     Str('memberof_role?',
         label=_('Roles'),
     ),
+    Str('memberof_sudocmdgroup?',
+        label=_('Sudo Command Groups'),
+    ),
     Str('member_privilege?',
         label='Granted to Privilege',
     ),
diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py
index 50da7225..528d7907 100644
--- a/ipalib/plugins/sudocmd.py
+++ b/ipalib/plugins/sudocmd.py
@@ -55,8 +55,11 @@ class sudocmd(LDAPObject):
         'sudocmd', 'description',
     ]
     default_attributes = [
-        'sudocmd', 'description',
+        'sudocmd', 'description', 'memberof',
     ]
+    attribute_members = {
+        'memberof': ['sudocmdgroup'],
+    }
     uuid_attribute = 'ipauniqueid'
     label = _('SUDO Commands')