From 86847433085c78d831b833142f64226318d216d9 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 22 Nov 2015 09:36:24 +0100
Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run
---
 .etckeeper | 1 +
 ldap.conf.sudo | 2 +-
 openldap/schema/sudo.schema | 76 +++++++++++++++++++++++++++++++++++++
 3 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 openldap/schema/sudo.schema
diff --git a/.etckeeper b/.etckeeper
index 0e726f1..bbb96ea 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -1991,6 +1991,7 @@ maybe chmod 0644 'openldap/schema/ppolicy.schema.default'
 maybe chmod 0644 'openldap/schema/quota.schema'
 maybe chmod 0644 'openldap/schema/rfc2307bis.schema'
 maybe chmod 0644 'openldap/schema/samba.schema'
+maybe chmod 0644 'openldap/schema/sudo.schema'
 maybe chgrp 'ldap' 'openldap/slapd.conf'
 maybe chmod 0640 'openldap/slapd.conf'
 maybe chgrp 'ldap' 'openldap/slapd.conf.default'
diff --git a/ldap.conf.sudo b/ldap.conf.sudo
index c5d51f9..9d894b5 100644
--- a/ldap.conf.sudo
+++ b/ldap.conf.sudo
@@ -3,4 +3,4 @@
 # supported directives: host, port, ssl, ldap_version
 # uri, binddn, bindpw, sudoers_base, sudoers_debug
-# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key
+# tls_{checkpeer,cacertfile,cacertdir,randfile,ciphers,cert,key}
diff --git a/openldap/schema/sudo.schema b/openldap/schema/sudo.schema
new file mode 100644
index 0000000..d3e95e0
--- /dev/null
+++ b/openldap/schema/sudo.schema
@@ -0,0 +1,76 @@
+#
+# OpenLDAP schema file for Sudo
+# Save as /etc/openldap/schema/sudo.schema
+#
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.1
+ NAME 'sudoUser'
+ DESC 'User(s) who may run sudo'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.2
+ NAME 'sudoHost'
+ DESC 'Host(s) who may run sudo'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.3
+ NAME 'sudoCommand'
+ DESC 'Command(s) to be executed by sudo'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.4
+ NAME 'sudoRunAs'
+ DESC 'User(s) impersonated by sudo (deprecated)'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.5
+ NAME 'sudoOption'
+ DESC 'Options(s) followed by sudo'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.6
+ NAME 'sudoRunAsUser'
+ DESC 'User(s) impersonated by sudo'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.7
+ NAME 'sudoRunAsGroup'
+ DESC 'Group(s) impersonated by sudo'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.8
+ NAME 'sudoNotBefore'
+ DESC 'Start of time interval for which the entry is valid'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.9
+ NAME 'sudoNotAfter'
+ DESC 'End of time interval for which the entry is valid'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+
+attributeTypes ( 1.3.6.1.4.1.15953.9.1.10
+ NAME 'sudoOrder'
+ DESC 'an integer to order the sudoRole entries'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
+ DESC 'Sudoer Entries'
+ MUST ( cn )
+ MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $
+ description )
+ )
--
2.39.5
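Review bot: The `sudoOrder` definition (OID 1.3.6.1.4.1.15953.9.1.10) is introduced with `attributeTypes`, while the nine definitions before it use `attributetype`. slapd probably accepts both spellings, but `attributetype ( 1.3.6.1.4.1.15953.9.1.10` would keep the file consistent. The file looks package-installed rather than hand-written, so that change likely belongs upstream and not in /etc. Separately, the schema only declares the shape of `sudoRole`; every entry stored under it is a privilege grant. Nothing in this commit shows the slapd ACLs that restrict write access to those entries, so it is worth confirming they are limited to directory administrators before the schema is put to use.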