search for: sudohost

...uest of: Filter: (&(&(cn=smtp)(ipServiceProtocol=dccp))(objectclass=ipService)) and there are 4 attributes in the request - objectClass, cn, ipServicePort, ipServiceProtocol Whereas on the CentOS 7 server, the filter looks like this: Filter: (&(objectClass=sudoRole)(|(|(|(|(|(|(|(|(|(!(sudoHost=*))(sudoHost=ALL))(sudoHost= ldaptest7.company.com ))(sudoHost=ldaptest7))(sudoHost=192.168.193.62))(sudoHost= 192.168.192.0/23))(sudoHost=fe80::5054:ff:fef2:26ed))(sudoHost=fe80::/6 with 13 attributes - objectClass, cn, and a bunch of sudo attributes. The response from the Samba server to each of...

...=============== dn: cn=defaults,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: defaults description: Default sudoOption's go here dn: cn=root,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: root sudoUser: root sudoHost: ALL sudoRunAsUser: ALL sudoCommand: ALL dn: cn=%wheel,ou=sudoers,ou=Services,dc=summitnjhome,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoRunAsUser: ALL sudoCommand: ALL sudoOption: !authenticate dn: cn=%summitnjops,ou=sudoers,ou=Services,dc=summitn...

...objectClass: top objectClass: sudoRole cn: reima instanceType: 4 whenCreated: 20140625194650.0Z whenChanged: 20140625194650.0Z uSNCreated: 3799 uSNChanged: 3799 name: reima objectGUID:: U1paZdVOSke2zmInSenFTg== objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=teemu,DC=local sudoUser: reima sudoHost: ALL sudoCommand: ALL distinguishedName: CN=reima,OU=SUDOers,DC=teemu,DC=local # SUDOers, teemu.local dn: OU=SUDOers,DC=teemu,DC=local objectClass: top objectClass: organizationalUnit ou: SUDOers instanceType: 4 whenCreated: 20140625194301.0Z whenChanged: 20140625194301.0Z uSNCreated: 3797 uSNChan...

...objectClass: top objectClass: sudoRole cn: reima instanceType: 4 whenCreated: 20140625194650.0Z whenChanged: 20140625194650.0Z uSNCreated: 3799 uSNChanged: 3799 name: reima objectGUID:: U1paZdVOSke2zmInSenFTg== objectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=teemu,DC=local sudoUser: reima sudoHost: ALL sudoCommand: ALL distinguishedName: CN=reima,OU=SUDOers,DC=teemu,DC=local # SUDOers, teemu.local dn: OU=SUDOers,DC=teemu,DC=local objectClass: top objectClass: organizationalUnit ou: SUDOers instanceType: 4 whenCreated: 20140625194301.0Z whenChanged: 20140625194301.0Z uSNCreated: 3797 uSNChan...

...The following example allows users in group wheel to run any command on any host via sudo, dc=example,dc=com will be changed to refer to my domain. $ cat sudo_user dn: cn=%wheel,ou=SUDOers,dc=example,dc=com objectClass: top objectClass: sudoRole cn: %wheel sudoUser: %wheel sudoHost: ALL sudoCommand: ALL ldbadd -H /etc/samba/private/sam.ldb sudo_user \ --option="dsdb:schema update allowed"=true and how do i index the 'sudoUser' attribute? all corrections welcome. Shadrock

...ion: 'ignore_local_sudoers' sudo: ldap search '(|(sudoUser=raub)(sudoUser=%raub)(sudoUser=%chinbeards)(sudoUser=ALL))' sudo: ldap search 'sudoUser=+*' sudo: found:cn=defaults,ou=SUDOers,dc=domain,dc=com sudo: ldap sudoUser netgroup '+chinbeards' ... MATCH! sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap sudoCommand 'ALL' ... MATCH! sudo: Command allowed sudo: ldap sudoOption: 'env_keep+=SSH_AGENT_PID' sudo: ldap sudoOption: 'env_keep+=SSH_AUTH_SOCK' sudo: ldap sudoOption: 'env_keep+=SVN_SSH' sudo: ldap sudoOption: 'env_reset...

On Thu, 21 Apr 2016, John Gardeniers wrote: > Good news, I now have this working. Once I finish writing my notes I'll make > them available to whoever might want them. Good to hear. I tried to get his working by following some of the online docs and the sudoers docs, and never did get it to work. It'd be great if someone could put this up on the Samba wiki when it's

...%ghba8)(sudoUser=%unix)(sudoUser=%CERTSVC_DCOM_ACCESS)(sudoUser=ALL))' sudo: found:CN=ghba8,OU=SUDOers,DC=peps,DC=local <-- here we can see that the user has been found into the sec. group ghba8 <-- here below there are the matching sudo authorized privileges [...] --> sudo: ldap sudoHost 'ALL' ... MATCH! sudo: ldap sudoCommand 'ALL' ... MATCH! sudo: Command allowed sudo: ldap sudoOption: 'authenticate' sudo: user_matches=1 sudo: host_matches=1 sudo: sudo_ldap_lookup(0)=0x02 Password: <user test password> [root at pepsrh5 ~]# Here is the AIX example...