freeipa/ipaserver
Alexander Bokovoy a37db297f0 sudorule-add-user: allow to reference users and groups from trusted domains directly
Allow specifying AD users and groups from trusted Active Directory
forests in `ipa sudorule-add/remove-user` family of commands.

SSSD uses single attribute 'externalUser' for IPA to pull 'external'
objects referenced in SUDO rules. This means both users and groups are
represented within the same attribute, with groups prefixed with '%',
as described in sudoers(5) man page.

Add member type validators to 'ipa sudorule-add/remove-user' family
commands and rely on member type validators from 'idviews' plugin to
resolve trusted objects.

Referencing fully qualified names for users and groups from trusted
Active Directory domains in 'externalUser' attribute of SUDO rules is
supported in SSSD 2.4 or later.

RN: IPA now supports adding users and groups from trusted Active
RN: Directory domains in SUDO rules without an intermediate non-POSIX
RN: group membership

Fixes: https://pagure.io/freeipa/issue/3226
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2021-01-26 13:05:27 -05:00
..
advise Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
dnssec Change mkdir logic in DNSSEC 2020-12-18 20:40:36 +02:00
install Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
plugins sudorule-add-user: allow to reference users and groups from trusted domains directly 2021-01-26 13:05:27 -05:00
secrets NSSWrappedCertDB: accept optional symmetric algorithm 2019-09-25 12:42:06 +10:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
dcerpc_common.py Py3: Replace six.text_type with str 2018-09-27 16:11:18 +02:00
dcerpc.py trust-fetch-domains: use custom krb5.conf overlay for all trust operations 2021-01-22 12:21:33 -05:00
dns_data_management.py Lookup ipa-ca record with NSS 2020-10-10 12:54:06 +02:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
masters.py Add hidden replica feature 2019-03-28 17:57:58 +01:00
p11helper.py Grammar: whitespace is a word 2020-06-23 10:16:29 +02:00
rpcserver.py rpcserver: fix exception handling for FAST armor failure 2020-10-30 19:06:11 +02:00
servroles.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Delay import of psutil to avoid AVC 2020-09-23 14:49:15 +02:00
topology.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00