I don't know how to get OpenLDAP to read the schema for sudo

Asked 1 year ago, Updated 1 year ago, 440 views

I am trying to manage sudo policies with OpenLDAP.

For the procedure to load the sudoers schema I followed the site below, but the article is old, and it seems that configuring slapd via slapd.conf is no longer recommended. How do I load the schema for sudo?
openLDAP Build (18) - Manage SUDO (1) | arinux

What I tried

As a first step I need to register the schema for sudo. I created the sudo.ldif file below and ran ldapadd, but there is no response (I don't get the "adding new entry" message back). Is there something wrong with the file?

sudo.ldif

#
# OpenLDAP schema file for Sudo
# Save as /etc/openldap/schema/sudo.schema
#

attributetype: ( 1.3.6.1.4.1.15953.9.1.1
    NAME 'sudoUser'
    DESC 'User(s) who may run sudo'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.2
    NAME 'sudoHost'
    DESC 'Host(s) who may run sudo'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.3
    NAME 'sudoCommand'
    DESC 'Command(s) to be executed by sudo'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.4
    NAME 'sudoRunAs'
    DESC 'User(s) impersonated by sudo (deprecated)'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.5
    NAME 'sudoOption'
    DESC 'Options(s) followed by sudo'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.6
    NAME 'sudoRunAsUser'
    DESC 'User(s) impersonated by sudo'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.7
    NAME 'sudoRunAsGroup'
    DESC 'Group(s) impersonated by sudo'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.8
    NAME 'sudoNotBefore'
    DESC 'Start of time interval for which the entry is valid'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

attributetype: ( 1.3.6.1.4.1.15953.9.1.9
    NAME 'sudoNotAfter'
    DESC 'End of time interval for which the entry is valid'
    EQUALITY generalizedTimeMatch
    ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10
    NAME 'sudoOrder'
    DESC 'an integer to order the sudoRole entries'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

objectclass: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
    DESC 'Sudoer Entries'
    MUST ( cn )
    MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $
          description )
    )

I checked the entire procedure in the post below and found that I need to add a schema for sudo. However, I don't know the specific procedure (it doesn't work), so I'm asking again.
I don't know how to manage sudo policies in openLDAP

linux openldap ldap

2022-12-25 05:04

1 Answer

You are using OLC (slapd.d/) instead of slapd.conf.
The sudo.schema file cannot be imported as it is.
Use https://yasu-2.blogspot.com/2009/10/openldap-24_21.html to convert it to a sudo.ldif file and import that with ldapadd.

Also, the contents of sudo.schema seem to be out of date.
Your Linux distribution is unknown, but isn't the schema included in the sudo package?
For example, on RHEL/CentOS 7.9 it can be found at /usr/share/doc/sudo-1.8.23/schema.OpenLDAP.


2022-12-25 08:24
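The conversion the answer refers to, as an added example that is not part of the original question, the answer, the linked blog, or the sudo/OpenLDAP projects: a POSIX shell function that turns a slapd.conf-style schema file (attributetype / objectclass definitions with indented continuation lines, the layout sudo's schema.OpenLDAP uses) into a single olcSchemaConfig entry for cn=config. The function name schema2ldif, the sample_schema fragment (a constructed two-definition excerpt, not the full sudo schema) and the ldapadd/ldapsearch commands in the comments are illustrative assumptions. The other common route is to point slaptest at a throwaway slapd.conf that includes the schema and copy the generated cn={0}sudo.ldif after stripping its operational attributes (structuralObjectClass, entryUUID, creatorsName, createTimestamp, entryCSN, modifiersName, modifyTimestamp); the function below produces an equivalent entry without that cleanup step.

```shell
#!/bin/sh
# Added example (not from the original post): convert an old-style OpenLDAP
# schema file into an LDIF entry that ldapadd can load into cn=config.
# Assumes the schema uses "attributetype ( ... )" / "objectclass ( ... )"
# with continuation lines indented by whitespace, as sudo's schema.OpenLDAP does.
set -eu

# schema2ldif NAME FILE  -> prints a cn=config schema entry on stdout
schema2ldif() {
    name=$1
    file=$2
    printf 'dn: cn=%s,cn=schema,cn=config\nobjectClass: olcSchemaConfig\ncn: %s\n' "$name" "$name"
    awk '
        # Drop comments and blank lines.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # An indented line continues the current definition.
        /^[ \t]/ { cur = cur " " $0; next }
        # A non-indented line starts a new definition: flush the previous one.
        { flush(); cur = $0 }
        # Object classes are emitted after all attribute types (as slaptest does),
        # so no objectclass references an attribute that has not been added yet.
        END { if (!bad) { flush(); for (i = 1; i <= n; i++) print oc[i] } }
        function flush(   s) {
            if (cur == "") return
            s = cur; cur = ""
            gsub(/[ \t]+/, " ", s)                  # collapse runs of whitespace
            if (s ~ /^attribute[Tt]ype[s]?:? /) {
                sub(/^attribute[Tt]ype[s]?:? /, "olcAttributeTypes: ", s)
                print s
            } else if (s ~ /^object[Cc]lass(es)?:? /) {
                sub(/^object[Cc]lass(es)?:? /, "olcObjectClasses: ", s)
                oc[++n] = s
            } else {
                print "schema2ldif: unrecognised definition: " s > "/dev/stderr"
                bad = 1; exit 1                     # fail loudly, never emit half an entry
            }
        }
    ' "$file"
}

# Constructed sample input (two definitions only, not the full sudo schema).
sample_schema() {
cat <<'EOF'
# comment lines and blank lines are ignored
attributetype ( 1.3.6.1.4.1.15953.9.1.1
    NAME 'sudoUser'
    DESC 'User(s) who may run sudo'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
    DESC 'Sudoer Entries'
    MUST ( cn )
    MAY ( sudoUser $ description ) )
EOF
}

# Stand-alone demo: convert the sample and print the resulting LDIF entry.
demo() {
    tmp=$(mktemp)
    sample_schema > "$tmp"
    schema2ldif sudo "$tmp"
    rm -f "$tmp"
}
demo

# Against a live server (assumed paths, run as root so SASL EXTERNAL over
# ldapi:/// maps to the cn=config root DN):
#   schema2ldif sudo /usr/share/doc/sudo-1.8.23/schema.OpenLDAP > sudo.ldif
#   ldapadd -Y EXTERNAL -H ldapi:/// -f sudo.ldif
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config '(cn=*sudo)' dn
# slapd stores the entry as cn={N}sudo, hence the substring filter.
```

Unlike ldapadd against a slapd.conf-style file, a successful load prints "adding new entry cn=sudo,cn=schema,cn=config" and the ldapsearch shows the renamed cn={N}sudo entry; an unknown definition keyword aborts the conversion instead of producing a partial entry. Once the schema is in place, remember that sudo-ldap trusts whatever sudoRole entries it reads, so the ou holding them needs write access restricted as tightly as /etc/sudoers itself.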


© 2024 OneMinuteCode. All rights reserved.