From 65553cafddfdadba2fa55c92a06ad9a291bf612e Mon Sep 17 00:00:00 2001
From: Nathan Kinder
Date: Jul 07 2011 20:52:49 +0000
Subject: Bug 713209 - Update sudo schema
Our sudo schema file is out of date. This patch updates the sudo schema file to be more current. The new schema is fully backwards compatible.
---
diff --git a/ldap/admin/src/scripts/60upgradeschemafiles.pl b/ldap/admin/src/scripts/60upgradeschemafiles.pl
index 99373dc..c308716 100644
--- a/ldap/admin/src/scripts/60upgradeschemafiles.pl
+++ b/ldap/admin/src/scripts/60upgradeschemafiles.pl
@@ -11,7 +11,7 @@ sub runinst {
 # these schema files are obsolete, or we want to replace
 # them with newer versions
- my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif);
+ my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif);
 # these hashes will be used to check for obsolete schema
 # in 99user.ldif
diff --git a/ldap/schema/60sudo.ldif b/ldap/schema/60sudo.ldif
index cc94370..746c4be 100644
--- a/ldap/schema/60sudo.ldif
+++ b/ldap/schema/60sudo.ldif
@@ -12,8 +12,7 @@ attributeTypes: (
 EQUALITY caseExactIA5Match
 SUBSTR caseExactIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
- X-ORIGIN 'SUDO'
- )
+ X-ORIGIN 'SUDO' )
 #
 ################################################################################
 #
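Review bot: In 60upgradeschemafiles.pl, adding `60sudo.ldif` to `@toremove` only covers the packaged schema file; a `sudoRole` definition that an administrator added over LDAP would presumably sit in 99user.ldif, which this list does not touch. Whether the obsolete-schema hashes that follow the hunk include the sudo names is not visible here. If they do not, an older copy of the object class could remain alongside the updated one, and entries carrying the new attributes might then be rejected or validated against the stale definition. I would at least record the intent next to the list, e.g. `# 60sudo.ldif is replaced with the packaged version; sudo schema kept in 99user.ldif is not covered by this list`. The body of runinst continues outside the hunk.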
@@ -58,6 +57,54 @@ attributeTypes: (
 #
 ################################################################################
 #
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6
+ NAME 'sudoRunAsUser'
+ DESC 'User(s) impersonated by sudo'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ X-ORIGIN 'SUDO' )
+#
+################################################################################
+#
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7
+ NAME 'sudoRunAsGroup'
+ DESC 'Group(s) impersonated by sudo'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ X-ORIGIN 'SUDO' )
+#
+################################################################################
+#
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8
+ NAME 'sudoNotBefore'
+ DESC 'Start of time interval for which the entry is valid'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ X-ORIGIN 'SUDO' )
+#
+################################################################################
+#
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9
+ NAME 'sudoNotAfter'
+ DESC 'End of time interval for which the entry is valid'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ X-ORIGIN 'SUDO' )
+#
+################################################################################
+#
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10
+ NAME 'sudoOrder'
+ DESC 'an integer to order the sudoRole entries'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ X-ORIGIN 'SUDO' )
+#
+################################################################################
+#
 objectClasses: ( 1.3.6.1.4.1.15953.9.2.1
 NAME 'sudoRole'
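Review bot: The DESC strings on `sudoNotBefore` and `sudoNotAfter` read as though the directory enforces the validity window, but these definitions only make the server store and order the values. Whether a sudoRole outside its window is ignored is decided by the sudo client; as far as I know sudo's LDAP configuration gates this behind its `SUDOERS_TIMED` setting, which is off unless enabled. A role that was meant to expire but still matches is a privilege problem, so I would add a comment above the two definitions, e.g. `# sudoNotBefore/sudoNotAfter are evaluated by the sudo client, not by the server; time-based entries must be enabled on each client`.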
@@ -65,9 +112,10 @@ objectClasses: (
 STRUCTURAL
 DESC 'Sudoer Entries'
 MUST ( cn )
- MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $ description )
- X-ORIGIN 'SUDO'
- )
+ MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
+ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $
+ sudoOrder $ description )
+ X-ORIGIN 'SUDO' )
 #
 ################################################################################
 #
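Review bot: The new MAY list keeps `sudoRunAs` next to `sudoRunAsUser` and `sudoRunAsGroup`, and nothing in the file says which one new entries should use. Upstream sudo documents `sudoRunAs` as deprecated in favour of `sudoRunAsUser`, so an administrator reading only this schema could keep writing the old attribute. A comment above the object class would settle it, e.g. `# sudoRunAs is retained for backwards compatibility; new entries should use sudoRunAsUser`. The objectClasses definition starts before this hunk.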