[Samba] samba4 pdc: Import sudoers active directory schema to ldb

george Nopicture mad-proffessor at hotmail.com
Thu Jul 11 13:49:17 MDT 2013


Any updates on this? I am thinking this schema is lacking the sudoers base cn, like in OpenLDAP where we have ou=SUDOERS,cn=...

From: mad-proffessor at hotmail.com
To: samba at lists.samba.org
CC: samba-technical at lists.samba.org
Subject: RE: [Samba] samba4 pdc: Import sudoers active directory schema to ldb
Date: Sun, 30 Jun 2013 17:36:16 +0300

> Date: Sun, 30 Jun 2013 06:49:26 +0200
> From: geza at kzsdabas.hu
> To: samba at lists.samba.org; mad-proffessor at hotmail.com
> CC: samba-technical at lists.samba.org
> Subject: Re: [Samba] samba4 pdc: Import sudoers active directory schema to ldb
> 
> On 2013-06-29 11:00, george Nopicture wrote:
> > Hi guys and congrats for bringing a fantastic project to the open source world. I've set up a samba4 PDC successfully and I am able to do domain logins. I was also able to add the automount schema into the ldb. But when it comes to the sudoers schema I can't import it.
> > Further system details:
> > Debian wheezy 7,
> > samba 4.0.6 compiled from source,
> > sudo-ldap standard binary package from repos.
> > I have split the sudoers Active Directory schema that came with sudo into 2 LDIFs (classSchema separate from attributeSchema) and tried to import them, but I had no luck. I googled around but came up with nothing about it.
> > This is the error I get:
> > ERR: (Invalid attribute syntax) "LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX -  <0000200B: objectclass_attrs: attribute 'mayContain' on entry 'CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com' contains at least one invalid value!> <>" on DN CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com at block before line 31.
> First: I've cc-ed samba-technical as extending the schema is still an 
> experimental feature.
> Second: it would be helpful to be able to look at the ldif files you try 
> to load (messages like "block before line 31" don't make too much sense 
> without them).
> 
> Regards
> 
> Geza Gemes

Hello, it appears that I have directly sent you some emails at your 
personal email address, sorry for that. I am attaching the 2 files for the list and I am 
also posting their contents here.

sudoers-class.ldif:

dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: classSchema
cn: sudoRole
distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
possSuperiors: container
possSuperiors: top
subClassOf: top
governsID: 1.3.6.1.4.1.15953.9.2.1
mayContain: sudoUser
mayContain: sudoHost
mayContain: sudoCommand
mayContain: sudoRunAs
mayContain: sudoOption
mayContain: sudoRunAsUser
mayContain: sudoRunAsGroup
mayContain: sudoNotBefore
mayContain: sudoNotAfter
mayContain: sudoOrder
rDNAttID: cn
showInAdvancedViewOnly: FALSE
adminDisplayName: sudoRole
adminDescription: Sudoer Entries
objectClassCategory: 1
lDAPDisplayName: sudoRole
name: sudoRole
schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w==
systemOnly: FALSE
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=example,DC=com
defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com


sudoers.ldif:

dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoUser
distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.1
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoUser
adminDescription: User(s) who may run sudo
oMSyntax: 22
searchFlags: 1
lDAPDisplayName: sudoUser
name: sudoUser
schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoHost
distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.2
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoHost
adminDescription: Host(s) who may run sudo
oMSyntax: 22
lDAPDisplayName: sudoHost
name: sudoHost
schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoCommand
distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.3
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoCommand
adminDescription: Command(s) to be executed by sudo
oMSyntax: 22
lDAPDisplayName: sudoCommand
name: sudoCommand
schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoRunAs
distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.4
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoRunAs
adminDescription: User(s) impersonated by sudo (deprecated)
oMSyntax: 22
lDAPDisplayName: sudoRunAs
name: sudoRunAs
schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoOption
distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.5
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoOption
adminDescription: Option(s) followed by sudo
oMSyntax: 22
lDAPDisplayName: sudoOption
name: sudoOption
schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoRunAsUser
distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.6
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoRunAsUser
adminDescription: User(s) impersonated by sudo
oMSyntax: 22
lDAPDisplayName: sudoRunAsUser
name: sudoRunAsUser
schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoRunAsGroup
distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.7
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoRunAsGroup
adminDescription: Groups(s) impersonated by sudo
oMSyntax: 22
lDAPDisplayName: sudoRunAsGroup
name: sudoRunAsGroup
schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoNotBefore
distinguishedName: CN=sudoNotBefore,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.8
attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.24
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoNotBefore
adminDescription: Start of time interval for which the entry is valid
oMSyntax: 22
lDAPDisplayName:  sudoNotBefore
name: sudoNotBefore
schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoNotAfter
distinguishedName: CN=sudoNotAfter,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.9
attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.24
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoNotAfter
adminDescription: End of time interval for which the entry is valid
oMSyntax: 22
lDAPDisplayName:  sudoNotAfter
name: sudoNotAfter
schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoOrder,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoOrder
distinguishedName: CN=sudoOrder,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.10
attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.27
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoOrder
adminDescription: an integer to order the sudoRole entries
oMSyntax: 22
lDAPDisplayName:  sudoOrder
name: sudoOrder
schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com


Thanks, George
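As an added pre-flight check (my own code, not part of this thread, of Samba or of sudo): a small Python validator that parses AD-style schema LDIF and reports the kinds of defect that make a Samba schema import fail, namely attributeSyntax values that are not AD 2.5.5.x OIDs, an oMSyntax that does not pair with the syntax, duplicate schemaIDGUIDs, and mayContain entries naming attributes that are not defined (the shape of the "mayContain ... contains at least one invalid value" error quoted above). The AD_SYNTAX table is a subset, `known_attrs` stands in for the base schema, and SAMPLE is a constructed excerpt of the posted files with sudoOrder's syntax changed to 2.5.5.9 so that the oMSyntax check is exercised.

```python
from collections import Counter
AD_SYNTAX = {"2.5.5.5": {19, 22}, "2.5.5.9": {2, 10}, "2.5.5.11": {23, 24}, "2.5.5.12": {64}}  # AD OID -> valid oMSyntax (subset)
def parse_ldif(text):
    """One dict per blank-line-separated record; each attribute maps to a list of values."""
    recs = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for attr, _, value in (line.partition(":") for line in block.splitlines()):
            rec.setdefault(attr, []).append(value.lstrip(": "))  # 'attr:: b64' keeps the b64 text
        recs.append(rec)
    return recs

def check_schema(text, known_attrs=("cn",)):
    """Report non-AD attributeSyntax, oMSyntax mismatch, duplicate schemaIDGUID and unresolved mayContain."""
    recs = parse_ldif(text)
    guids = Counter(r["schemaIDGUID"][0] for r in recs if "schemaIDGUID" in r)
    defined, out = set(known_attrs), []
    for r in recs:
        name = r["lDAPDisplayName"][0]
        if guids[r.get("schemaIDGUID", [None])[0]] > 1:
            out.append(f"{name}: duplicate schemaIDGUID")
        if "attributeSchema" in r["objectClass"]:
            defined.add(name)
            syn, om = r["attributeSyntax"][0], int(r["oMSyntax"][0])
            if syn not in AD_SYNTAX:
                out.append(f"{name}: attributeSyntax {syn} is not an AD 2.5.5.x OID")
            elif om not in AD_SYNTAX[syn]:
                out.append(f"{name}: oMSyntax {om} does not match attributeSyntax {syn}")
    out += [f"{r['lDAPDisplayName'][0]}: mayContain '{a}' is not a defined attribute"
            for r in recs for a in r.get("mayContain", []) + r.get("mustContain", []) if a not in defined]
    return out

SAMPLE = """objectClass: attributeSchema
lDAPDisplayName: sudoNotBefore
attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.24
oMSyntax: 22
schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==

objectClass: attributeSchema
lDAPDisplayName: sudoOrder
attributeSyntax: 2.5.5.9
oMSyntax: 22
schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==

objectClass: classSchema
lDAPDisplayName: sudoRole
mayContain: sudoUser
mayContain: sudoNotBefore
mayContain: sudoOrder
"""  # constructed excerpt in the shape of the posted sudoers.ldif / sudoers-class.ldif
```

Running `check_schema(SAMPLE)` lists the two attributes sharing one schemaIDGUID, the non-AD syntax on sudoNotBefore, the mismatched oMSyntax on sudoOrder, and the mayContain reference to sudoUser that nothing in the excerpt defines; loading the attribute file before the class file, or passing the already-loaded attributes in `known_attrs`, clears that last finding.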