add sudo schema

2026-01-25 19:00:00 -07:00
parent 6f1b19d29a
commit 23be25546a
2 changed files with 20 additions and 9 deletions
--- a/ansible/roles/openldap_server/tasks/files/sudo.ldif
+++ b/ansible/roles/openldap_server/tasks/files/sudo.ldif
@@ -0,0 +1,11 @@
+dn: cn=sudo,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: sudo
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )
--- a/ansible/roles/openldap_server/tasks/schemas.yaml
+++ b/ansible/roles/openldap_server/tasks/schemas.yaml
@@ -24,13 +24,13 @@
  args:
    creates: /etc/openldap/schema/.nis_loaded

-#- name: Copy sudo schema into place
-#  copy:
-#    src: files/sudo.ldif
-#    dest: /etc/openldap/schema/sudo.ldif
-#    owner: ldap
-#    group: ldap
-#    mode: '0600'
+- name: Copy sudo schema into place
+  copy:
+    src: files/sudo.ldif
+    dest: /etc/openldap/schema/sudo.ldif
+    owner: ldap
+    group: ldap
+    mode: '0600'
 #
 - name: Copy openssh schema into place
  copy:
@@ -46,7 +46,7 @@
  args:
    creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
  loop:
-    #- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }
+    - { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }
    - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" }
  loop_control:
    label: "{{ item.name }}"
@@ -61,6 +61,6 @@
    - { name: "cosine" }
    - { name: "inetorgperson" }
    - { name: "nis" }
-#    - { name: "sudo" }
+    - { name: "sudo" }
    - { name: "openssh" }