mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
349322e3fb
Allow specifying AD users and groups from trusted Active Directory forests in `ipa sudorule-add/remove-runasuser/runasgroup` family of commands.

IPA provides 'ipasudorunasextuser' and 'ipasudorunasextusergroup' LDAP attributes to record 'external' objects referenced in SUDO rules for specifying the target user and group to run the commands allowed in the SUDO rule.

Use member type validators to 'ipa sudorule-add/remove-runasuser/runasgroup' family of commands and rely on member type validators from 'idviews' plugin to resolve trusted objects.

Referencing fully qualified names for users and groups from trusted Active Directory domains in IPA SUDOERs schema attributes is supported in SSSD 2.4 or later.

RN: IPA now supports users and groups from trusted Active Directory
RN: domains in SUDO rules to specify runAsUser/runAsGroup properties
RN: without an intermediate non-POSIX group membership

Fixes: https://pagure.io/freeipa/issue/3226
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
advise
dnssec
install
plugins
secrets
__init__.py
dcerpc_common.py
dcerpc.py
dns_data_management.py
Makefile.am
masters.py
p11helper.py
rpcserver.py
servroles.py
setup.cfg
setup.py
topology.py