jonathan/infra
1
0
Fork 0
Code Actions Activity

add sudo schema

Browse Source
This commit is contained in:
Jonathan DeMasi
2026-01-25 19:00:00 -07:00
parent 6f1b19d29a
commit 23be25546a
2 changed files with 20 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
ansible/roles/openldap_server/tasks/files/sudo.ldif Normal file
View File

@@ -0,0 +1,11 @@
dn: cn=sudo,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: sudo
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )

18
ansible/roles/openldap_server/tasks/schemas.yaml
View File

@@ -24,13 +24,13 @@
args: args:
creates: /etc/openldap/schema/.nis_loaded creates: /etc/openldap/schema/.nis_loaded
#- name: Copy sudo schema into place - name: Copy sudo schema into place
# copy: copy:
# src: files/sudo.ldif src: files/sudo.ldif
# dest: /etc/openldap/schema/sudo.ldif dest: /etc/openldap/schema/sudo.ldif
# owner: ldap owner: ldap
# group: ldap group: ldap
# mode: '0600' mode: '0600'
# #
- name: Copy openssh schema into place - name: Copy openssh schema into place
copy: copy:
@@ -46,7 +46,7 @@
args: args:
creates: "/etc/openldap/schema/.{{ item.name }}_loaded" creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
loop: loop:
#- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" } - { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }
- { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" } - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" }
loop_control: loop_control:
label: "{{ item.name }}" label: "{{ item.name }}"
@@ -61,6 +61,6 @@
- { name: "cosine" } - { name: "cosine" }
- { name: "inetorgperson" } - { name: "inetorgperson" }
- { name: "nis" } - { name: "nis" }
# - { name: "sudo" } - { name: "sudo" }
- { name: "openssh" } - { name: "openssh" }