From 64c5738ec940daea339f43e2f69dafb26b9f3ad8 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 10 May 2008 13:18:47 +0000 Subject: [PATCH] Reference schema.ActiveDirectory --- Makefile.in | 14 +++++++------- README.LDAP | 5 +++++ sudoers.ldap.cat | 36 ++++++++++++++++++------------------ sudoers.ldap.man.in | 7 ++++--- sudoers.ldap.pod | 5 +++-- 5 files changed, 37 insertions(+), 30 deletions(-) diff --git a/Makefile.in b/Makefile.in index f1ae358cb..dec276840 100644 --- a/Makefile.in +++ b/Makefile.in @@ -142,13 +142,13 @@ LIB_OBJS = @LIBOBJS@ VERSION = 1.7.0 DISTFILES = $(SRCS) $(HDRS) ChangeLog HISTORY INSTALL INSTALL.configure \ - LICENSE Makefile.in PORTING README README.LDAP \ - TROUBLESHOOTING UPGRADE WHATSNEW aclocal.m4 acsite.m4 aixcrypt.exp \ - config.guess config.h.in config.sub configure configure.in \ - def_data.in indent.pro install-sh ltmain.sh mkdefaults \ - mkinstalldirs pathnames.h.in sample.pam sample.syslog.conf \ - sample.sudoers schema.OpenLDAP schema.iPlanet sudo.cat \ - sudo.man.in sudo.pod sudo.psf sudo_usage.h.in sudoers sudoers.cat \ + LICENSE Makefile.in PORTING README README.LDAP TROUBLESHOOTING \ + UPGRADE WHATSNEW aclocal.m4 acsite.m4 aixcrypt.exp config.guess \ + config.h.in config.sub configure configure.in def_data.in \ + indent.pro install-sh ltmain.sh mkdefaults mkinstalldirs \ + pathnames.h.in sample.pam sample.syslog.conf sample.sudoers \ + schema.ActiveDirectory schema.OpenLDAP schema.iPlanet sudo.cat \ + sudo.man.in sudo.pod sudo.psf sudo_usage.h.in sudoers sudoers.cat \ sudoers.man.in sudoers.pod sudoers.ldap.cat sudoers.ldap.man.in \ sudoers.ldap.pod sudoers2ldif visudo.cat visudo.man.in visudo.pod \ auth/API diff --git a/README.LDAP b/README.LDAP index 89ed6daf9..85f05f549 100644 --- a/README.LDAP +++ b/README.LDAP 
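Review bot: The diffstat of this patch lists five files and `schema.ActiveDirectory` is not one of them, yet the `DISTFILES` list in Makefile.in now names it. Unless the schema was committed separately, a dist rule that copies `$(DISTFILES)` would presumably either fail or produce a tarball missing the file that README.LDAP tells administrators to import on a domain controller, so it is worth confirming the file is tracked before this lands. The hunk also re-wraps seven continuation lines to add one word, which hides the actual change to the release manifest. Keeping the original wrapping and touching only one line, e.g. `sample.sudoers schema.ActiveDirectory schema.OpenLDAP schema.iPlanet sudo.cat \`, would make the addition easy to audit. The `DISTFILES` assignment may continue past the last context line of the hunk.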
@@ -87,6 +87,11 @@ replacing example.com with your domain: serviceSearchDescriptor: sudoers: ou=sudoers,dc=example,dc=com +If using an Active Directory server, copy schema.ActiveDirectory +to your Windows domain controller and run the following command: + + ldifde -i -f schema.ActiveDirectory -c dc=X dc=example,dc=com + Importing /etc/sudoers into LDAP ================================ Importing sudoers is a two-step process. diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index 1a6813b32..95e8edd25 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.0 May 2, 2008 1 +1.7.0 May 10, 2008 1 @@ -127,7 +127,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.0 May 2, 2008 2 +1.7.0 May 10, 2008 2 @@ -193,7 +193,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.0 May 2, 2008 3 +1.7.0 May 10, 2008 3 @@ -238,9 +238,10 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) on your LDAP server. In addition, be sure to index the 'sudoUser' attribute. - Two versions of the schema, one for OpenLDAP servers (_s_c_h_e_m_a_._O_p_e_n_L_D_A_P) - and another for Netscape-derived servers (_s_c_h_e_m_a_._i_P_l_a_n_e_t), may be found - in the ssuuddoo distribution. + Three versions of the schema: one for OpenLDAP servers (_s_c_h_e_m_a_._O_p_e_n_L_- + _D_A_P), one for Netscape-derived servers (_s_c_h_e_m_a_._i_P_l_a_n_e_t), and one for + Microsoft Active Directory (_s_c_h_e_m_a_._A_c_t_i_v_e_D_i_r_e_c_t_o_r_y) may be found in the + ssuuddoo distribution. The schema for ssuuddoo in OpenLDAP form is included in the EXAMPLES sec- tion. @@ -255,11 +256,10 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) Also note that on systems using the OpenLDAP libraries, default values specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are - not used. -1.7.0 May 2, 2008 4 +1.7.0 May 10, 2008 4 
@@ -268,6 +268,8 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + not used. + Only those options explicitly listed in _/_e_t_c_/_l_d_a_p_._c_o_n_f that are sup- ported by ssuuddoo are honored. Configuration options are listed below in upper case but are parsed in a case-independent manner. @@ -323,9 +325,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - - -1.7.0 May 2, 2008 5 +1.7.0 May 10, 2008 5 @@ -391,7 +391,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.0 May 2, 2008 6 +1.7.0 May 10, 2008 6 @@ -457,7 +457,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.0 May 2, 2008 7 +1.7.0 May 10, 2008 7 @@ -523,7 +523,7 @@ EEXXAAMMPPLLEESS -1.7.0 May 2, 2008 8 +1.7.0 May 10, 2008 8 @@ -589,7 +589,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.0 May 2, 2008 9 +1.7.0 May 10, 2008 9 @@ -655,7 +655,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.0 May 2, 2008 10 +1.7.0 May 10, 2008 10 @@ -721,7 +721,7 @@ CCAAVVEEAATTSS -1.7.0 May 2, 2008 11 +1.7.0 May 10, 2008 11 @@ -787,6 +787,6 @@ DDIISSCCLLAAIIMMEERR -1.7.0 May 2, 2008 12 +1.7.0 May 10, 2008 12 diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in index 8fa099233..0de7e1a51 100644 --- a/sudoers.ldap.man.in +++ b/sudoers.ldap.man.in @@ -146,7 +146,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "May 2, 2008" "1.7.0" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "May 10, 2008" "1.7.0" "MAINTENANCE COMMANDS" .SH "NAME" sudoers.ldap \- sudo LDAP configuration .SH "DESCRIPTION" 
@@ -349,8 +349,9 @@ In order to use \fBsudo\fR's \s-1LDAP\s0 support, the \fBsudo\fR schema must be installed on your \s-1LDAP\s0 server. In addition, be sure to index the \&'sudoUser' attribute. .PP -Two versions of the schema, one for OpenLDAP servers (\fIschema.OpenLDAP\fR) -and another for Netscape-derived servers (\fIschema.iPlanet\fR), may +Three versions of the schema: one for OpenLDAP servers (\fIschema.OpenLDAP\fR), +one for Netscape-derived servers (\fIschema.iPlanet\fR), and one for +Microsoft Active Directory (\fIschema.ActiveDirectory\fR) may be found in the \fBsudo\fR distribution. .PP The schema for \fBsudo\fR in OpenLDAP form is included in the \s-1EXAMPLES\s0 diff --git a/sudoers.ldap.pod b/sudoers.ldap.pod index c5b9d499c..05a4c4790 100644 --- a/sudoers.ldap.pod +++ b/sudoers.ldap.pod @@ -231,8 +231,9 @@ In order to use B's LDAP support, the B schema must be installed on your LDAP server. In addition, be sure to index the 'sudoUser' attribute. -Two versions of the schema, one for OpenLDAP servers (F) -and another for Netscape-derived servers (F), may +Three versions of the schema: one for OpenLDAP servers (F), +one for Netscape-derived servers (F), and one for +Microsoft Active Directory (F) may be found in the B distribution. The schema for B in OpenLDAP form is included in the L