diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-03-06 10:07:13 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-03-06 16:08:20 +0100 |
| commit | 54080f46b02c04706021a6cd419f5b30d88d2b7b (patch) | |
| tree | e2b53745a0ffd85d136c14b4fa9928355c8c5e4d /install/share | |
| parent | c6fc0413b610e6c9216557d1de0fabd853754d47 (diff) | |
| download | freeipa-54080f46b02c04706021a6cd419f5b30d88d2b7b.tar.gz freeipa-54080f46b02c04706021a6cd419f5b30d88d2b7b.tar.xz freeipa-54080f46b02c04706021a6cd419f5b30d88d2b7b.zip | |
Remove disabled entries from sudoers compat tree.
The removal is triggered by generating an invalid RDN when ipaEnabledFlag of
the original entry is FALSE.
https://fedorahosted.org/freeipa/ticket/3437
Diffstat (limited to 'install/share')
| -rw-r--r-- | install/share/schema_compat.uldif | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index a93b32771..40b96116d 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -70,7 +70,7 @@ add:cn: sudoers add:schema-compat-container-group: 'ou=SUDOers, $SUFFIX' add:schema-compat-search-base: 'cn=sudorules, cn=sudo, $SUFFIX' add:schema-compat-search-filter: (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE))) -add:schema-compat-entry-rdn: cn=%{cn} +add:schema-compat-entry-rdn: %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") add:schema-compat-entry-attribute: objectclass=sudoRole add:schema-compat-entry-attribute: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' add:schema-compat-entry-attribute: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' |