I try to add the schema for sudoers from README.LDAP in the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work best, but get this problem when I restart directory server:
[root@testserver schema]# service dirsrv restart
Shutting down dirsrv: testserver... [ OK ]
Starting dirsrv: testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseE" required attribute "objectclass" missing
[ OK ]
[root@testserver schema]# cat 99sudoers.ldif
dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseE
xactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseEx
actIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match S
YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1
.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1
.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' ) objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sud
oHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
Any help to get the schema for sudo correctly added is appreciated.
Thanks,
Erling
Hi All,
Does anybody have good experience with SAMBA PDC with Fedora Directory Server as the backend LDAP server?
I have a working SAMBA PDC with OpenLDAP as the backend directory server for user, group and computer management.
Is it possible to use Fedora Directory server as the backend LDAP server for Samba PDC?
I want all users, groups and computers to be available in the Directory.
Thanks in Advance.
Premod
On Thu, Nov 27, 2008 at 03:16:07AM -0700, Premod Dev wrote:
Hi All,
Does anybody have good experience with SAMBA PDC with Fedora Directory Server as the backend LDAP server?
I have a working SAMBA PDC with OpenLDAP as the backend directory server for user, group and computer management.
Is it possible to use Fedora Directory server as the backend LDAP server for Samba PDC?
Yes.
I want all users, groups and computers to be available in the Directory.
The Samba configuration for LDAP is identical between OpenLDAP and FDS.
The only problem is if you allow password changes via Samba via the LDAP password change exop, in which case you'll have to investigate the FreeIPA password-change exop plugin for FDS.
Thanks in Advance.
Premod
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
On Thu, Nov 27, 2008 at 2:16 AM, Premod Dev premodd@decho.com wrote:
Hi All,
Does anybody have good experience with SAMBA PDC with Fedora Directory Server as the backend LDAP server?
I have a working SAMBA PDC with OpenLDAP as the backend directory server for user, group and computer management.
Is it possible to use Fedora Directory server as the backend LDAP server for Samba PDC?
I want all users, groups and computers to be available in the Directory.
While I don't currently use Samba as a PDC, I am using it with Fedora Directory Services and don't see why it can't also be used for computer accounts as well as users and groups.
Is it possible to use Fedora Directory server as the backend LDAP server for Samba PDC?
Yes.
I want all users, groups and computers to be available in the Directory.
That is what a friend of mine recently set up. And it has been working satisfactorily so far for 60+ users. If you want to know more, it might be a good idea to contact me via direct email.
Regards, Wolf
Premod Dev wrote:
Hi All,
Does anybody have good experience with SAMBA PDC with Fedora Directory Server as the backend LDAP server?
I have a working SAMBA PDC with OpenLDAP as the backend directory server for user, group and computer management.
Is it possible to use Fedora Directory server as the backend LDAP server for Samba PDC?
I want all users, groups and computers to be available in the Directory.
Of course it's possible. You may want to look at this link for further guidance. http://directory.fedoraproject.org/wiki/Howto:Samba
Hi Sigid,
Please see the following comment from the wiki,
NOTE: These instructions only apply to basic user and group management. If you use or plan to use Samba for computer management, you will be better off using the migration scripts from IDEALX - http://www.idealx.org/prj/samba/index.en.html
I want to use SAMBA for computer management also.
Thanks,
#!Premod
----- Original Message ----- From: "sigid@JINLab" sigidwu@gmail.com To: "General discussion list for the Fedora Directory server project." fedora-directory-users@redhat.com Sent: Friday, November 28, 2008 6:10:19 AM GMT +05:30 Chennai, Kolkata, Mumbai, New Delhi Subject: Re: [Fedora-directory-users] SAMBA PDC+Fedora Dirsrv
Premod Dev wrote:
Hi All,
Does anybody have good experience with SAMBA PDC with Fedora Directory Server as the backend LDAP server?
I have a working SAMBA PDC with OpenLDAP as the backend directory server for user, group and computer management.
Is it possible to use Fedora Directory server as the backend LDAP server for Samba PDC?
I want all users, groups and computers to be available in the Directory.
Of course it's possible. You may want to look at this link for further guidance. http://directory.fedoraproject.org/wiki/Howto:Samba
I think sudo provides a sample OpenLDAP schema. The syntax is slightly different.
/etc/dirsrv/slapd-ldapslave1/schema/71sudo.ldif
dn: cn=schema
attributetypes :( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes :( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclasses :( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) )
It would be interesting to find a tool to convert schema from OpenLDAP to FDS format since this comes up often.
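A minimal converter of the kind wished for above, as an added example that is not part of the original thread and is not the project's ol-schema-migrate.pl. It rewrites OpenLDAP "attributetype ( ... )" and "objectclass ( ... )" definitions as one-line attributeTypes/objectClasses values under dn: cn=schema, and lint_schema_ldif flags lines that are neither "attr: value" nor a space-prefixed LDIF continuation; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed input: two of the thread's sudo definitions in OpenLDAP .schema syntax.
SAMPLE_OPENLDAP = """\
attributetype ( 1.3.6.1.4.1.15953.9.1.1
    NAME 'sudoUser'
    DESC 'User(s) who may run sudo'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
    DESC 'Sudoer Entries'
    MUST ( cn )
    MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $
          description ) )
"""
LDIF_ATTR = {"attributetype": "attributeTypes", "objectclass": "objectClasses"}

def openldap_to_ldif(text):
    """Convert OpenLDAP schema definitions to one cn=schema LDIF entry."""
    defs = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        m = re.match(r"(attributetype|objectclass)\s+(\(.*)", raw, re.I)
        if m:                                     # a new definition starts
            defs.append([LDIF_ATTR[m.group(1).lower()], m.group(2)])
        elif defs and raw[0] in " \t":            # indented continuation
            defs[-1][1] += " " + raw.strip()
        else:
            raise ValueError("unrecognised schema line: %r" % raw)
    lines = ["dn: cn=schema"]
    for attr, body in defs:
        body = " ".join(body.split())             # one definition, one line
        if body.count("(") != body.count(")"):
            raise ValueError("unbalanced parentheses: " + body[:50])
        lines.append("%s: %s" % (attr, body))
    return "\n".join(lines) + "\n"

def lint_schema_ldif(text):
    """Return (line number, text) for lines an LDIF parser cannot place."""
    bad = []
    for no, line in enumerate(text.splitlines(), 1):
        ok = (not line or line.startswith((" ", "#"))
              or re.match(r"[A-Za-z][\w;-]*:", line))
        if not ok:
            bad.append((no, line))
    return bad
```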
On 11/27/08, Edward Capriolo edlinuxguru@gmail.com wrote:
I think sudo provides a sample OpenLDAP schema. The syntax is slightly different.
Thanks for your reply, I try to use your schema, but still get errors:
[root@testserver schema]# service dirsrv restart
Shutting down dirsrv: testserver... [ OK ]
Starting dirsrv: testserver...[28/Nov/2008:08:44:51 +0100] - Entry "cn=schema attributetypes :( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC" required attribute "objectclass" missing
[ OK ]
[root@testserver schema]# cat 99sudoers.ldif
dn: cn=schema attributetypes :( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes :( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC
'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes :( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC
'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes :( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes :( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclasses :( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) )
Could you please send me a copy of the schema directly? Just to make sure all linebreaks and formatting are correct.
How did you get the schema?
The README.LDAP in sudo provides two schema, one for OpenLDAP and one for iPlanet and similar directory-servers (like Fedora DS if I have understood correctly).
Best regards,
Erling
Last time I installed sudo the iPlanet schema was not part of the package. iPlanet should be close to FDS. The one I sent I did myself 6 months back. If you think the problem is a format issue, I checked my system. Every entry is on its own line.
It is working for me with this version. fedora-ds-base-1.1.0-3.fc6 fedora-ds-1.1.0-3.fc6
Erling Ringen Elvsrud wrote:
I try to add the schema for sudoers from README.LDAP in the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work best, but get this problem when I restart directory server:
[root@testserver schema]# service dirsrv restart
Shutting down dirsrv: testserver... [ OK ]
Starting dirsrv: testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseE" required attribute "objectclass" missing
The sudo schema is now in CVS HEAD and will be part of the next release of Fedora DS: http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/schema/60sudo.ldif?revis...
You can go ahead and download and use this file with any version of Fedora DS.
Hi,
I have wiki'd my sudo setup
http://wiki.unixcraft.com/display/MainPage/Sudo+in+Centos+Directory+Server
2008/12/1 Rich Megginson rmeggins@redhat.com
Erling Ringen Elvsrud wrote:
I try to add the schema for sudoers from README.LDAP in the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work best, but get this problem when I restart directory server:
[root@testserver schema]# service dirsrv restart
Shutting down dirsrv: testserver... [ OK ]
Starting dirsrv: testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseE" required attribute "objectclass" missing
The sudo schema is now in CVS HEAD and will be part of the next release of Fedora DS:
http://cvs.fedoraproject.org/viewvc/ldapserver/ldap/schema/60sudo.ldif?revis...
You can go ahead and download and use this file with any version of Fedora DS.
Try sending the schema through this first
http://directory.fedoraproject.org/download/ol-schema-migrate.pl
Brian
On Thu, 2008-11-27 at 03:08 -0700, Erling Ringen Elvsrud wrote:
I try to add the schema for sudoers from README.LDAP in the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work best, but get this problem when I restart directory server:
[root@testserver schema]# service dirsrv restart
Shutting down dirsrv: testserver... [ OK ]
Starting dirsrv: testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseE" required attribute "objectclass" missing
389-users@lists.fedoraproject.org