In order to use s\bsu\bud\bdo\bo's LDAP support, the s\bsu\bud\bdo\bo schema must be installed on
your LDAP server. In addition, be sure to index the sudoUser attribute.
- Three versions of the schema: one for OpenLDAP servers (_\bs_\bc_\bh_\be_\bm_\ba_\b._\bO_\bp_\be_\bn_\bL_\bD_\bA_\bP),
- one for Netscape-derived servers (_\bs_\bc_\bh_\be_\bm_\ba_\b._\bi_\bP_\bl_\ba_\bn_\be_\bt), and one for Microsoft
- Active Directory (_\bs_\bc_\bh_\be_\bm_\ba_\b._\bA_\bc_\bt_\bi_\bv_\be_\bD_\bi_\br_\be_\bc_\bt_\bo_\br_\by) may be found in the s\bsu\bud\bdo\bo
- distribution.
+ The s\bsu\bud\bdo\bo distribution includes versions of the s\bsu\bud\bdo\boe\ber\brs\bs schema for
+ multiple LDAP servers:
- The schema for s\bsu\bud\bdo\bo in OpenLDAP form is also included in the _\bE_\bX_\bA_\bM_\bP_\bL_\bE_\bS
- section.
+ _\bs_\bc_\bh_\be_\bm_\ba_\b._\bO_\bp_\be_\bn_\bL_\bD_\bA_\bP
+ OpenLDAP slapd and OpenBSD ldapd
+
+ _\bs_\bc_\bh_\be_\bm_\ba_\b._\bo_\bl_\bc_\bS_\bu_\bd_\bo
+ OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+
+ _\bs_\bc_\bh_\be_\bm_\ba_\b._\bi_\bP_\bl_\ba_\bn_\be_\bt
+ Netscape-derived servers such as the iPlanet, Oracle, and 389
+ Directory Servers
+
+ _\bs_\bc_\bh_\be_\bm_\ba_\b._\bA_\bc_\bt_\bi_\bv_\be_\bD_\bi_\br_\be_\bc_\bt_\bo_\br_\by
+ Microsoft Active Directory
+
+ The schema in OpenLDAP format is also included in the _\bE_\bX_\bA_\bM_\bP_\bL_\bE_\bS section.
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg l\bld\bda\bap\bp.\b.c\bco\bon\bnf\bf
Sudo reads the _\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf file for LDAP-specific configuration.
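Review bot: The unchanged opening sentence of this hunk still says "the sudo schema must be installed", while the added lines directly below it call the same thing the "sudoers schema", so the page now uses two names within a few lines. Suggest updating the opening sentence in the same commit (in all three renderings) so that the section heading, the list intro and the installation requirement use one term.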
# sasl_secprops none
# krb5_ccname /etc/.ldapcache
- S\bSu\bud\bdo\bo s\bsc\bch\bhe\bem\bma\ba f\bfo\bor\br O\bOp\bpe\ben\bnL\bLD\bDA\bAP\bP
+ S\bSu\bud\bdo\boe\ber\brs\bs s\bsc\bch\bhe\bem\bma\ba f\bfo\bor\br O\bOp\bpe\ben\bnL\bLD\bDA\bAP\bP
The following schema, in OpenLDAP format, is included with s\bsu\bud\bdo\bo source
and binary distributions as _\bs_\bc_\bh_\be_\bm_\ba_\b._\bO_\bp_\be_\bn_\bL_\bD_\bA_\bP. Simply copy it to the
schema directory (e.g., _\b/_\be_\bt_\bc_\b/_\bo_\bp_\be_\bn_\bl_\bd_\ba_\bp_\b/_\bs_\bc_\bh_\be_\bm_\ba), add the proper include
- line in _\bs_\bl_\ba_\bp_\bd_\b._\bc_\bo_\bn_\bf and restart s\bsl\bla\bap\bpd\bd.
+ line in _\bs_\bl_\ba_\bp_\bd_\b._\bc_\bo_\bn_\bf and restart s\bsl\bla\bap\bpd\bd. Sites using the optional on-line
+ configuration supported by OpenLDAP 2.3 and higher should apply the
+ _\bs_\bc_\bh_\be_\bm_\ba_\b._\bo_\bl_\bc_\bS_\bu_\bd_\bo file instead.
attributetype ( 1.3.6.1.4.1.15953.9.1.1
NAME 'sudoUser'
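Review bot: In the sentence added after "restart slapd", "should apply the schema.olcSudo file instead" gives no procedure. The slapd.conf path is spelled out as three steps (copy to the schema directory, add the include line, restart), but the on-line configuration path is left to the reader. Suggest saying how the file is loaded and whether the copy and restart steps still apply, so the two paths are documented to the same depth.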
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.26 October 28, 2018 Sudo 1.8.26
+Sudo 1.8.26 November 9, 2018 Sudo 1.8.26
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.TH "SUDOERS.LDAP" "5" "October 28, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS.LDAP" "5" "November 9, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
\fRsudoUser\fR
attribute.
.PP
-Three versions of the schema: one for OpenLDAP servers
-(\fIschema.OpenLDAP\fR),
-one for Netscape-derived servers
-(\fIschema.iPlanet\fR),
-and one for Microsoft Active Directory
-(\fIschema.ActiveDirectory\fR)
-may be found in the
+The
\fBsudo\fR
-distribution.
+distribution includes versions of the
+\fBsudoers\fR
+schema for multiple LDAP servers:
+.TP 6n
+\fIschema.OpenLDAP\fR
+OpenLDAP slapd and
+OpenBSD
+ldapd
+.TP 6n
+\fIschema.olcSudo\fR
+OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+.TP 6n
+\fIschema.iPlanet\fR
+Netscape-derived servers such as the iPlanet, Oracle,
+and 389 Directory Servers
+.TP 6n
+\fIschema.ActiveDirectory\fR
+Microsoft Active Directory
.PP
-The schema for
-\fBsudo\fR
-in OpenLDAP form is also included in the
+The schema in OpenLDAP format is also included in the
\fIEXAMPLES\fR
section.
.SS "Configuring ldap.conf"
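Review bot: The first list entry, schema.OpenLDAP for "OpenLDAP slapd and OpenBSD ldapd", is unqualified, so a site running slapd 2.3 or higher with on-line configuration enabled matches both that entry and the schema.olcSudo entry below it. Suggest qualifying the first entry (for example "OpenLDAP slapd configured through slapd.conf, and OpenBSD ldapd") so that exactly one file applies to each deployment and nobody installs the schema twice in two formats.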
# krb5_ccname /etc/.ldapcache
.RE
.fi
-.SS "Sudo schema for OpenLDAP"
+.SS "Sudoers schema for OpenLDAP"
The following schema, in OpenLDAP format, is included with
\fBsudo\fR
source and binary distributions as
\fIslapd.conf\fR
and restart
\fBslapd\fR.
+Sites using the optional on-line configuration supported by OpenLDAP 2.3
+and higher should apply the
+\fIschema.olcSudo\fR
+file instead.
.nf
.sp
.RS 2n
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd October 28, 2018
+.Dd November 9, 2018
.Dt SUDOERS.LDAP @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Li sudoUser
attribute.
.Pp
-Three versions of the schema: one for OpenLDAP servers
-.Pq Pa schema.OpenLDAP ,
-one for Netscape-derived servers
-.Pq Pa schema.iPlanet ,
-and one for Microsoft Active Directory
-.Pq Pa schema.ActiveDirectory
-may be found in the
+The
.Nm sudo
-distribution.
+distribution includes versions of the
+.Nm sudoers
+schema for multiple LDAP servers:
+.Bl -tag -width 4n
+.It Pa schema.OpenLDAP
+OpenLDAP slapd and
+.Ox
+ldapd
+.It Pa schema.olcSudo
+OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+.It Pa schema.iPlanet
+Netscape-derived servers such as the iPlanet, Oracle,
+and 389 Directory Servers
+.It Pa schema.ActiveDirectory
+Microsoft Active Directory
+.El
.Pp
-The schema for
-.Nm sudo
-in OpenLDAP form is also included in the
+The schema in OpenLDAP format is also included in the
.Sx EXAMPLES
section.
.Ss Configuring ldap.conf
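Review bot: ".Bl -tag -width 4n" is far narrower than every tag in the list (schema.ActiveDirectory is 22 characters), so each description always wraps onto the line below its tag, as the regenerated cat page shows. The man.in rendering of the same list uses ".TP 6n". If the tag-above-description layout is what you want, this is fine, but please confirm the two widths are meant to differ rather than one being a leftover.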
# sasl_secprops none
# krb5_ccname /etc/.ldapcache
.Ed
-.Ss Sudo schema for OpenLDAP
+.Ss Sudoers schema for OpenLDAP
The following schema, in OpenLDAP format, is included with
.Nm sudo
source and binary distributions as
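Review bot: Renaming the subsection to "Sudoers schema for OpenLDAP" changes the text that any ".Sx" cross-reference to the old title would need to match. The only ".Sx" visible in this patch points at EXAMPLES, so please check that nothing else in this page or the other sudo manuals still refers to "Sudo schema for OpenLDAP".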
.Pa slapd.conf
and restart
.Nm slapd .
+Sites using the optional on-line configuration supported by OpenLDAP 2.3
+and higher should apply the
+.Pa schema.olcSudo
+file instead.
.Bd -literal -offset 2n
attributetype ( 1.3.6.1.4.1.15953.9.1.1
NAME 'sudoUser'