5 files changed, 28 insertions, 0 deletions

diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 0e4e8c00b..f46545491 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -254,3 +254,8 @@ ipa_sudorule_usercategory = str, None, false
 ipa_sudorule_runasusercategory = str, None, false
 ipa_sudorule_runasgroupcategory = str, None, false
 ipa_sudorule_entry_usn = str, None, false
+ipa_sudocmdgroup_object_class = str, None, false
+ipa_sudocmdgroup_uuid = str, None, false
+ipa_sudocmdgroup_name = str, None, false
+ipa_sudocmdgroup_member = str, None, false
+ipa_sudocmdgroup_entry_usn = str, None, false
diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h
index cb4bcc236..658d0237a 100644
--- a/src/db/sysdb_sudo.h
+++ b/src/db/sysdb_sudo.h
@@ -66,6 +66,8 @@
 #define SYSDB_IPA_SUDORULE_RUNASUSERCATEGORY  "ipaSudoRunAsUserCategory"
 #define SYSDB_IPA_SUDORULE_RUNASGROUPCATEGORY "ipaSudoRunAsGroupCategory"
 
+#define SYSDB_IPA_SUDOCMDGROUP_OC                 "ipasudocmdgrp"
+
 /* When constructing a sysdb filter, OR these values to include..   */
 #define SYSDB_SUDO_FILTER_NONE           0x00       /* no additional filter */
 #define SYSDB_SUDO_FILTER_USERNAME       0x01       /* username             */
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index d5527aeed..57d93dd64 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -158,6 +158,16 @@ enum ipa_sudorule_attrs {
     IPA_OPTS_SUDORULE
 };
 
+enum ipa_sudocmdgroup_attrs {
+    IPA_OC_SUDOCMDGROUP = 0,
+    IPA_AT_SUDOCMDGROUP_UUID,
+    IPA_AT_SUDOCMDGROUP_NAME,
+    IPA_AT_SUDOCMDGROUP_MEMBER,
+    IPA_AT_SUDOCMDGROUP_ENTRYUSN,
+
+    IPA_OPTS_SUDOCMDGROUP
+};
+
 struct ipa_auth_ctx {
     struct krb5_ctx *krb5_auth_ctx;
     struct sdap_id_ctx *sdap_id_ctx;
diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
index 25e9a009a..3493984f5 100644
--- a/src/providers/ipa/ipa_opts.c
+++ b/src/providers/ipa/ipa_opts.c
@@ -359,3 +359,12 @@ struct sdap_attr_map ipa_sudorule_map[] = {
     { "ipa_sudorule_entry_usn", "entryUSN", SYSDB_USN, NULL },
     SDAP_ATTR_MAP_TERMINATOR
 };
+
+struct sdap_attr_map ipa_sudocmdgroup_map[] = {
+    { "ipa_sudocmdgroup_object_class", "ipasudocmdgrp", SYSDB_IPA_SUDOCMDGROUP_OC, NULL },
+    { "ipa_sudocmdgroup_uuid", "ipaUniqueID", SYSDB_UUID, NULL },
+    { "ipa_sudocmdgroup_name", "cn", SYSDB_NAME, NULL },
+    { "ipa_sudocmdgroup_member", "member", SYSDB_MEMBER, NULL },
+    { "ipa_sudocmdgroup_entry_usn", "entryUSN", SYSDB_USN, NULL },
+    SDAP_ATTR_MAP_TERMINATOR
+};
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 6d9e52f73..89acea160 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -60,4 +60,6 @@ extern struct sdap_attr_map ipa_autofs_entry_map[];
 
 extern struct sdap_attr_map ipa_sudorule_map[];
 
+extern struct sdap_attr_map ipa_sudocmdgroup_map[];
+
 #endif /* IPA_OPTS_H_ */