From f6257694266c8f9fc3743ccfce28a1e47b9275d9 Mon Sep 17 00:00:00 2001
From: Aaron Spangler <aaron777@gmail.com>
Date: Sat, 7 Aug 2004 03:43:24 +0000
Subject: [PATCH] More behavior notes

---
 README.LDAP | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/README.LDAP b/README.LDAP
index 73bbbd7db..e5883c21f 100644
--- a/README.LDAP
+++ b/README.LDAP
@@ -306,6 +306,25 @@ Here is an example:
   sudoCommand: !/bin/sh
   sudoCommand: ALL
 
+Another difference is that negations on the Host are User (or Runas) are
+currently ignorred.  For example, these attributes do not work how they first
+seem.  If you desperately want this to be changed, contact Aaron Spangler
+(aaron@spangler.ods.org).
+
+  # does not match all but joe
+  # rather, does not match anyone
+  sudoUser: !joe
+
+  # does not match all but joe
+  # rather, matches everyone including Joe
+  sudoUser: ALL
+  sudoUser: !joe
+
+  # does not match all but web01
+  # rather, matches all hosts including web01
+  sudoHost: ALL
+  sudoHost: !web01
+
 
 Configure your /etc/nsswitch.conf
 =================================