diff options
Diffstat (limited to 'install')
-rw-r--r-- | install/share/schema_compat.uldif | 2 | ||||
-rw-r--r-- | install/updates/10-schema_compat.update | 9 |
2 files changed, 7 insertions, 4 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index 79fce21b0..b5f61bb10 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -96,7 +96,7 @@ add:schema-compat-entry-attribute: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}' add:schema-compat-entry-attribute: 'sudoRunAsUser=%deref("ipaSudoRunAs","uid")' add:schema-compat-entry-attribute: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' add:schema-compat-entry-attribute: 'sudoRunAsGroup=%{ipaSudoRunAsExtGroup}' -add:schema-compat-entry-attribute: 'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' +add:schema-compat-entry-attribute: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' add:schema-compat-entry-attribute: 'sudoOption=%{ipaSudoOpt}' dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update index 6f0ed9080..7c362105d 100644 --- a/install/updates/10-schema_compat.update +++ b/install/updates/10-schema_compat.update @@ -1,10 +1,13 @@ dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config only:schema-compat-entry-rdn:'%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' -replace: schema-compat-entry-attribute:'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")::sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' - -dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config add:schema-compat-entry-attribute: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' add:schema-compat-entry-attribute: 'sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}' +# Fix for #4324 (regression of #1309) +remove:schema-compat-entry-attribute:'sudoRunAsGroup=%deref("ipaSudoRunAs","cn")' + +# We need to add the value in a separate transaction +dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config +add: schema-compat-entry-attribute: 'sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")' # Change padding for host and userCategory so the pad returns the same value # as the original, '' or -. |