Hi,
I am trying to achieve centralizing SUDO, but am facing an issue; I suspect it's something to do with sudoers.schema, but maybe I am wrong. I think somehow the slapd process is not able to read it. Please suggest how to fix the issue.
My LDAP structure is like this: dc=example,dc=com. Under this I have OU=People, and I have created an OU called SUDOers. Then I used sudoers2ldif to generate the LDIF file for me. I have set the environment variable SUDOERS_BASE=ou=SUDOers,dc=example,dc=com. Then when I try to add the LDIF file it shows me the error below.

t710x02-6:/etc/openldap/schema # ldapadd -f /opt/newsudo.ldif -h 127.0.0.1 -D cn=Manager,dc=example,dc=com -W -x
Enter LDAP Password:
adding new entry "cn=defaults,ou=SUDOers,dc=example,dc=com"
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #0 invalid per syntax
sudoers.ldif

dn: cn=defaults,ou=SUDOers,dc=example,dc=com
#objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: always_set_home
sudoOption: env_reset
sudoOption: env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
sudoOption: targetpw

dn: cn=ALL,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: ALL
sudoUser: ALL
sudoHost: ALL
sudoRunas: ALL
sudoCommand: ALL

dn: cn=root,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoRunas: ALL
sudoCommand: ALL

dn: cn=prad,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: prad
sudoUser: prad
sudoHost: ALL
sudoRunas: ALL
sudoCommand: ALL

sudoers.schema

#
# OpenLDAP schema file for Sudo
# Save as /etc/openldap/schema/sudo.schema
#
attributetype ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )
Please help me to solve this issue.
I am using SLES 11 and SUDO 1.6.9p17.

Regards,
Neo
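A pre-flight check for LDIF like the one in this post against the posted sudo schema, added here as an example (it is not part of the original post nor the sudo project's code): it parses the objectclass's MUST/MAY lists and reports which entries slapd would reject, comparing names case-insensitively so `sudoRunas` passes against `sudoRunAs`. The schema excerpt and LDIF below are constructed for the example; when the LDIF passes this check but slapd still answers `objectClass: value #0 invalid per syntax`, the server does not know the objectClass value itself, which is what an unloaded sudo schema looks like from the client side.

```python
import re
# Constructed excerpt of the posted sudo.schema (the attributetype definitions are omitted).
SCHEMA = """objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
  DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $
  sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )"""
# Constructed LDIF shaped like the posted one ('top' commented out, 'sudoRunas' lower-cased),
# plus a deliberately misspelled attribute and a missing cn for the checker to catch.
LDIF = """dn: cn=defaults,ou=SUDOers,dc=example,dc=com
#objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: env_reset

dn: cn=prad,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
sudoRunas: ALL
sudoCmd: ALL
"""

def parse_schema(text):
    """Map each objectclass name (lower-cased) to its MUST and MAY attribute sets."""
    flat, classes = " ".join(text.split()), {}
    for m in re.finditer(r"objectclass\s*\((.*?)\)\s*(?=objectclass|attributetype|$)", flat, re.I):
        name = re.search(r"NAME\s+'([^']+)'", m.group(1)).group(1).lower()
        lists = {k: re.search(r"\b%s\s*\(([^)]*)\)" % k, m.group(1)) for k in ("MUST", "MAY")}
        classes[name] = {k: {a.strip().lower() for a in v.group(1).split("$")} if v else set() for k, v in lists.items()}
    return classes

def parse_ldif(text):
    """Split LDIF into entries of (attribute, value) pairs; '#' lines are dropped as ldapadd does."""
    blocks = [[ln for ln in b.splitlines() if ln and not ln.startswith("#")] for b in re.split(r"\n\s*\n", text.strip())]
    return [[(a.strip(), v.strip()) for a, _, v in map(lambda ln: ln.partition(":"), lines)] for lines in blocks]

def check_entries(entries, classes):
    """Report what slapd would reject: unknown objectClass values, disallowed and missing attributes."""
    problems = []
    for entry in entries:
        dn = next(v for a, v in entry if a.lower() == "dn")
        ocs = [v for a, v in entry if a.lower() == "objectclass"]
        allowed, required = {"dn", "objectclass"}, set()
        for i, oc in enumerate(ocs):
            if oc.lower() in classes:  # LDAP names are case-insensitive, so compare lower-cased
                allowed |= classes[oc.lower()]["MUST"] | classes[oc.lower()]["MAY"]
                required |= classes[oc.lower()]["MUST"]
            elif oc.lower() != "top":  # 'top' comes from OpenLDAP's core schema, not sudo.schema
                problems.append(f"{dn}: objectClass value #{i} '{oc}' is not defined")
        problems += [f"{dn}: attribute '{a}' not allowed" for a, _ in entry if a.lower() not in allowed]
        problems += [f"{dn}: required attribute '{r}' missing" for r in sorted(required - {a.lower() for a, _ in entry})]
    return problems
```

Running `check_entries(parse_ldif(LDIF), {})` (an empty schema map, i.e. the server knows no sudo classes) reports `objectClass value #0 'sudoRole'` for the first entry, the same position slapd names in the error above.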