Hello Rich, List, I have two inquiries. The first is regarding case sensitivity. I have the sudoers file centralized in LDAP (389) in one of the plants that I support. I have users listed by their uid as sudoUsers under the sudo roles. Now If the uid is listed as Joe_Montana..and I login as Joe_Montana then the entry is recognized correctly by the sudo functions. If I login as joe_montana the sudo functions fail. Is there a way to force 389 to be case insensitive so that username or UIDs are recognized regardless of case? I found these entries in dse. Can these be edited to force case insensitivity? nsslapd-return-exact-case: on dn: cn=Case Exact String Syntax,cn=plugins,cn=config cn: Case Exact String Syntax dn: cn=Case Ignore String Syntax,cn=plugins,cn=config cn: Case Ignore String Syntax Secondly it seems the Fedora 9 newkey updates repo is broken. I upgraded all of our installations to the newest packages 2 to 3 weeks ago and i am wondering if these are still the latest packages. fedora-ds-dsgw-1.1.1-1.fc9.i386 fedora-ds-console-1.2.0-1.fc9.noarch fedora-ds-base-1.2.0-4.fc9.i386 fedora-ds-1.1.3-1.fc9.noarch fedora-ds-admin-1.1.7-3.fc9.i386 fedora-ds-admin-console-1.1.3-1.fc9.noarch Thank you James
Chris St. Pierre
2009-May-12 02:09 UTC
Re: [389-users] Case sensitivity and FC9 389 DS packages.
On Mon, 11 May 2009, James Chavez wrote:> Now If the uid is listed as Joe_Montana..and I login as Joe_Montana then the > entry is recognized correctly by the sudo functions. > If I login as joe_montana the sudo functions fail. > Is there a way to force 389 to be case insensitive so that username or UIDs > are recognized regardless of case?In the sudoers schema file (/etc/dirsrv/slapd-<instance>/schema/60sudo.ldif), you''ll note that the sudoUser attribute has: EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch So do the sudoHost, sudoCommand, etc., attributes. If you want case-insensitive matching, you should change that to: EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch And then restart the DS.> Secondly it seems the Fedora 9 newkey updates repo is broken. I upgraded all > of our installations to the newest packages 2 to 3 weeks ago and i am > wondering if these are still the latest packages. > > fedora-ds-dsgw-1.1.1-1.fc9.i386 > fedora-ds-console-1.2.0-1.fc9.noarch > fedora-ds-base-1.2.0-4.fc9.i386 > fedora-ds-1.1.3-1.fc9.noarch > fedora-ds-admin-1.1.7-3.fc9.i386 > fedora-ds-admin-console-1.1.3-1.fc9.noarchYes, those are the latest packages. Note that the fedora-ds-base package -- which has the important stuff -- and the fedora-ds-console package -- which has the shiny GUI stuff -- are both at 1.2.0, the latest version. FDS -- err, 389DS -- doesn''t rev all of the package versions to track the release version, so the fedora-ds package is still at 1.1.3 while its requirements are at various other versions. Some nuts and bolts: fedora-ds is itself just a "meta-package" that contains nothing; it just requires other packages. So the fedora-ds package version really only needs to incremented if the requirements change. Since they didn''t, it''s easier for the dev team to leave what they can alone and only release new versions of packages that actually have some changed code. Make sense? Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University
James Chavez
2009-May-12 02:40 UTC
Re: [389-users] Case sensitivity and FC9 389 DS packages.
On Mon, May 11, 2009 at 7:09 PM, Chris St. Pierre <stpierre@nebrwesleyan.edu> wrote:> On Mon, 11 May 2009, James Chavez wrote: > > Now If the uid is listed as Joe_Montana..and I login as Joe_Montana then >> the >> entry is recognized correctly by the sudo functions. >> If I login as joe_montana the sudo functions fail. >> Is there a way to force 389 to be case insensitive so that username or >> UIDs >> are recognized regardless of case? >> > > In the sudoers schema file > (/etc/dirsrv/slapd-<instance>/schema/60sudo.ldif), you''ll note that > the sudoUser attribute has: > > EQUALITY caseExactIA5Match > SUBSTR caseExactIA5SubstringsMatch > > So do the sudoHost, sudoCommand, etc., attributes. If you want > case-insensitive matching, you should change that to: > > EQUALITY caseIgnoreIA5Match > SUBSTR caseIgnoreIA5SubstringsMatch > > And then restart the DS.> ++ Chris thanks for the reply. That helps...seems obvious now that you > pointed it to me. i appreciate it. >> Secondly it seems the Fedora 9 newkey updates repo is broken. I upgraded >> all >> of our installations to the newest packages 2 to 3 weeks ago and i am >> wondering if these are still the latest packages. >> >> fedora-ds-dsgw-1.1.1-1.fc9.i386 >> fedora-ds-console-1.2.0-1.fc9.noarch >> fedora-ds-base-1.2.0-4.fc9.i386 >> fedora-ds-1.1.3-1.fc9.noarch >> fedora-ds-admin-1.1.7-3.fc9.i386 >> fedora-ds-admin-console-1.1.3-1.fc9.noarch >> > > Yes, those are the latest packages. Note that the fedora-ds-base > package -- which has the important stuff -- and the fedora-ds-console > package -- which has the shiny GUI stuff -- are both at 1.2.0, the > latest version. FDS -- err, 389DS -- doesn''t rev all of the package > versions to track the release version, so the fedora-ds package is > still at 1.1.3 while its requirements are at various other versions. > > Some nuts and bolts: fedora-ds is itself just a "meta-package" that > contains nothing; it just requires other packages. So the fedora-ds > package version really only needs to incremented if the requirements > change. Since they didn''t, it''s easier for the dev team to leave what > they can alone and only release new versions of packages that actually > have some changed code. > > Make sense?++ Makes perfect sense, thanks a bunch, so i should be most concerned with the fedora-ds-base and fedora-ds-console packages for revision or version changes. I will definitely keep that in mind. Thanks again for the clarity. James> > >
Rich Megginson
2009-May-12 15:29 UTC
Re: [389-users] Case sensitivity and FC9 389 DS packages.
James Chavez wrote:> Hello Rich, List, > > I have two inquiries. > The first is regarding case sensitivity. > I have the sudoers file centralized in LDAP (389) in one of the plants > that I support. I have users listed by their uid as sudoUsers under > the sudo roles. > > Now If the uid is listed as Joe_Montana..and I login as Joe_Montana > then the entry is recognized correctly by the sudo functions. > If I login as joe_montana the sudo functions fail. > Is there a way to force 389 to be case insensitive so that username or > UIDs are recognized regardless of case? > > I found these entries in dse. Can these be edited to force case > insensitivity? > nsslapd-return-exact-case: on > dn: cn=Case Exact String Syntax,cn=plugins,cn=config > cn: Case Exact String Syntax > dn: cn=Case Ignore String Syntax,cn=plugins,cn=config > cn: Case Ignore String Syntax > > > Secondly it seems the Fedora 9 newkey updates repo is broken. I > upgraded all of our installations to the newest packages 2 to 3 weeks > ago and i am wondering if these are still the latest packages. > > fedora-ds-dsgw-1.1.1-1.fc9. > i386 > fedora-ds-console-1.2.0-1.fc9.noarch > fedora-ds-base-1.2.0-4.fc9.i386 > fedora-ds-1.1.3-1.fc9.noarch > fedora-ds-admin-1.1.7-3.fc9.i386 > fedora-ds-admin-console-1.1.3-1.fc9.noarchyes, these are the latest> > Thank you > James > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >