action #23746: Adding sudoers rules to active directory. - invisAD-setup - openSUSE Project Management Tool

Custom queries

openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QE tools team - backlog (ready issues)
QE tools team - backlog (w/o infra)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (w/o infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
Tickets by target version
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

action #23746

closed

Adding sudoers rules to active directory.

Added by flacco over 6 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

flacco

Category:

Target version:

14.2

Start date:

2017-08-29

Due date:

% Done:

100%

Estimated time:

Description

Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.

Info: http://jhrozek.livejournal.com/3860.html

History
Notes
Property changes

Actions

Copy link

Updated by flacco over 6 years ago

% Done changed from 0 to 20

Schema templates for sudo schema extension are ready and added to invis-setup package.

Actions

Copy link

Updated by flacco over 6 years ago

% Done changed from 20 to 30

I have added a base-node for sudo-rules to AD: CN=Sudo-Rules,CN=invis-Server,dc=invis-net,dc=loc, and an example ldif for adding new sudo rules to AD.

Next steps are:

Writing a shell-script for adding new sudo-rules to AD
Adding sudoers sssd configuration to invis-client package.

For Point 2: we have to extend the sssd.conf and the nsswitch.conf

sssd.conf:

services = nss, pam, sudo (in the global section)

nsswitch.conf:

New line:

sudoers: files sss

Actions

Copy link

Updated by flacco over 6 years ago

% Done changed from 30 to 50

A first version of a script called sudorule2ad is ready an now part of the invis-server setup. It's now possible to sudo rules to ad.

Now we have to implement the client-site. Server an linux-clients inside an invis-server AD domain must look for sudo rules in the AD.

Actions

Copy link

Updated by flacco over 6 years ago

Status changed from New to In Progress

Actions

Copy link

Updated by ingogoeppert over 6 years ago

Target version set to 13.1

Actions

Copy link

Updated by flacco about 6 years ago

Due date deleted (~~2017-09-30~~)
Target version changed from 13.1 to Next

Actions

Copy link

Updated by ingogoeppert about 6 years ago

Project changed from invis-server to invisAD-setup
Category deleted (~~Developement~~)
Target version deleted (~~Next~~)

Actions

Copy link

Updated by flacco about 6 years ago

Target version set to Future

Actions

Copy link

Updated by ingogoeppert over 2 years ago

Status changed from In Progress to Closed
Target version changed from Future to 14.2

Erste Schritte erledigt und in 13.0 vorhanden, wird eventuell durch die inzwischen für Samba verfügbaren GPOs ersetzt. Dafür ggf. neues Ticket anlegen.

Actions

Copy link

#10

Updated by ingogoeppert over 2 years ago

% Done changed from 50 to 100

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

invis-server » invisAD-setup

Custom queries

action #23746

Adding sudoers rules to active directory.

Updated by flacco over 6 years ago

Updated by flacco over 6 years ago

Updated by flacco over 6 years ago

Updated by flacco over 6 years ago

Updated by ingogoeppert over 6 years ago

Updated by flacco about 6 years ago

Updated by ingogoeppert about 6 years ago

Updated by flacco about 6 years ago

Updated by ingogoeppert over 2 years ago

Updated by ingogoeppert over 2 years ago