@ashafer01
Created February 9, 2019 00:09
Active Directory Schema for sudo ldap - tested working with AWS Directory Service - replace DC=EXAMPLE,DC=COM with your domain
dn: CN=SudoUser,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: attributeSchema
objectClass: top
cn: SudoUser
attributeID: 1.3.6.1.4.1.15953.9.1.1
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
lDAPDisplayName: sudoUser
oMSyntax: 64
searchFlags: 1
description: User(s) who may run sudo

dn: CN=SudoHost,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: attributeSchema
objectClass: top
cn: SudoHost
attributeID: 1.3.6.1.4.1.15953.9.1.2
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
lDAPDisplayName: sudoHost
oMSyntax: 64
searchFlags: 1
description: Host(s) who may run sudo

dn: CN=SudoCommand,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: attributeSchema
objectClass: top
cn: SudoCommand
attributeID: 1.3.6.1.4.1.15953.9.1.3
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
lDAPDisplayName: sudoCommand
oMSyntax: 64
searchFlags: 1
description: Command(s) to be executed by sudo

dn: CN=SudoRunAs,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: attributeSchema
objectClass: top
cn: SudoRunAs
attributeID: 1.3.6.1.4.1.15953.9.1.4
attributeSyntax: 2.5.5.12
lDAPDisplayName: sudoRunAs
isSingleValued: FALSE
oMSyntax: 64
searchFlags: 1
description: User(s) impersonated by sudo

dn: CN=SudoOption,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: attributeSchema
objectClass: top
cn: SudoOption
lDAPDisplayName: sudoOption
attributeID: 1.3.6.1.4.1.15953.9.1.5
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
oMSyntax: 64
searchFlags: 1
description: Options(s) followed by sudo

dn: CN=SudoRunAsUser,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
lDAPDisplayName: sudoRunAsUser
cn: SudoRunAsUser
attributeID: 1.3.6.1.4.1.15953.9.1.6
attributeSyntax: 2.5.5.12
objectClass: attributeSchema
objectClass: top
isSingleValued: FALSE
oMSyntax: 64
searchFlags: 1
description: User(s) impersonated by sudo

dn: CN=SudoRunAsGroup,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
lDAPDisplayName: sudoRunAsGroup
cn: SudoRunAsGroup
attributeID: 1.3.6.1.4.1.15953.9.1.7
attributeSyntax: 2.5.5.12
objectClass: attributeSchema
objectClass: top
isSingleValued: FALSE
oMSyntax: 64
searchFlags: 1
description: Group(s) impersonated by sudo

dn: CN=SudoNotBefore,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
lDAPDisplayName: sudoNotBefore
cn: SudoNotBefore
attributeID: 1.3.6.1.4.1.15953.9.1.8
attributeSyntax: 2.5.5.11
objectClass: attributeSchema
objectClass: top
isSingleValued: FALSE
oMSyntax: 24
searchFlags: 1
description: Start of time interval for which the entry is valid

dn: CN=SudoNotAfter,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
lDAPDisplayName: sudoNotAfter
cn: SudoNotAfter
attributeID: 1.3.6.1.4.1.15953.9.1.9
attributeSyntax: 2.5.5.11
objectClass: attributeSchema
objectClass: top
isSingleValued: FALSE
oMSyntax: 24
searchFlags: 1
description: End of time interval for which the entry is valid

dn: CN=SudoOrder,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
lDAPDisplayName: sudoOrder
cn: SudoOrder
attributeID: 1.3.6.1.4.1.15953.9.1.10
attributeSyntax: 2.5.5.9
objectClass: attributeSchema
objectClass: top
isSingleValued: FALSE
oMSyntax: 2
searchFlags: 1
description: an integer to order the sudoRole entries

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=SudoRole,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: classSchema
objectClass: top
lDAPDisplayName: sudoRole
cn: SudoRole
governsID: 1.3.6.1.4.1.15953.9.2.1
objectClassCategory: 1
defaultObjectCategory: CN=SudoRole,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
possSuperiors: top
subClassOf: top
mustContain: cn
mayContain: sudoUser
mayContain: sudoHost
mayContain: sudoCommand
mayContain: sudoRunAs
mayContain: sudoRunAsUser
mayContain: sudoRunAsGroup
mayContain: sudoOption
mayContain: sudoNotBefore
mayContain: sudoNotAfter
mayContain: sudoOrder
mayContain: description

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
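An added pre-flight check for the LDIF above (example code, not part of the gist): a Python script that rebases DC=EXAMPLE,DC=COM onto your own base DN and validates the records before they are loaded, which matters because objects added to the AD schema partition can be made defunct but never deleted. It parses the records, verifies that each attributeSyntax/oMSyntax pair is one the schema uses, that lDAPDisplayName matches cn, that attributeID/governsID values are unique, that every attribute sudoRole lists is defined either here or in the base schema, and that a schemaUpdateNow sits between the new attributes and the class that references them (the reason the gist flushes the schema cache before adding sudoRole). SAMPLE_LDIF is a constructed excerpt of the gist in the same record format, and DC=CORP,DC=EXAMPLE is a placeholder target domain.

```python
PLACEHOLDER_BASE = "DC=EXAMPLE,DC=COM"
# attributeSyntax -> oMSyntax pairs for the AD syntaxes this schema uses
# (Unicode string, GeneralizedTime, Integer); any other pairing is rejected.
SYNTAX_PAIRS = {"2.5.5.12": "64", "2.5.5.11": "24", "2.5.5.9": "2"}
# Attributes from the base AD schema that sudoRole may list without defining them.
BASE_ATTRIBUTES = {"cn", "description"}

# Constructed excerpt of the gist: one attribute, the cache flush, the class.
SAMPLE_LDIF = """\
dn: CN=SudoUser,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: attributeSchema
objectClass: top
cn: SudoUser
attributeID: 1.3.6.1.4.1.15953.9.1.1
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
lDAPDisplayName: sudoUser
oMSyntax: 64
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=SudoRole,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
changetype: add
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
objectClass: classSchema
objectClass: top
lDAPDisplayName: sudoRole
cn: SudoRole
governsID: 1.3.6.1.4.1.15953.9.2.1
defaultObjectCategory: CN=SudoRole,CN=Schema,CN=Configuration,DC=EXAMPLE,DC=COM
subClassOf: top
mustContain: cn
mayContain: sudoUser
mayContain: description
"""


def parse_ldif(text):
    """Parse LDIF into records ({attr: [values]}) in file order.
    A record starts at every 'dn:' line, so blank separators may be missing.
    Continuation lines, base64 values and comments are not needed here."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip() or line == "-":
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        key, value = key.strip(), value.strip()
        if key == "dn":
            current = {}
            records.append(current)
        elif current is None:
            raise ValueError("attribute before first dn: %r" % line)
        current.setdefault(key, []).append(value)
    return records


def rebase(text, base_dn):
    """Replace the placeholder base DN with the target forest's base DN."""
    return text.replace(PLACEHOLDER_BASE, base_dn)


def check_schema(records):
    """Return a list of problems; an empty list means the LDIF is safe to load."""
    problems, oids, defined, unflushed = [], {}, set(), set()
    for rec in records:
        dn = rec["dn"][0]
        kinds = rec.get("objectClass", [])
        if any(PLACEHOLDER_BASE in v for vals in rec.values() for v in vals):
            problems.append("%s: placeholder base DN not replaced" % dn)
        if "attributeSchema" in kinds:
            name = rec["lDAPDisplayName"][0].lower()
            defined.add(name)
            unflushed.add(name)  # in the directory, not yet in the schema cache
            if name != rec["cn"][0].lower():
                problems.append("%s: lDAPDisplayName does not match cn" % dn)
            syntax, om = rec["attributeSyntax"][0], rec["oMSyntax"][0]
            if SYNTAX_PAIRS.get(syntax) != om:
                problems.append("%s: attributeSyntax %s / oMSyntax %s mismatch" % (dn, syntax, om))
            oid = rec["attributeID"][0]
        elif "classSchema" in kinds:
            oid = rec["governsID"][0]
            for attr in rec.get("mustContain", []) + rec.get("mayContain", []):
                if attr.lower() in unflushed:
                    problems.append("%s: %s needs a schemaUpdateNow before the class" % (dn, attr))
                elif attr.lower() not in defined | BASE_ATTRIBUTES:
                    problems.append("%s: references undefined attribute %s" % (dn, attr))
        elif dn == "" and rec.get("schemaUpdateNow") == ["1"]:
            unflushed.clear()  # RootDSE modify reloads the schema cache
            continue
        else:
            problems.append("%s: unexpected record" % dn)
            continue
        if oid in oids:
            problems.append("%s: OID %s already used by %s" % (dn, oid, oids[oid]))
        oids[oid] = dn
    return problems


def validate(text, base_dn):
    """Rebase the LDIF onto base_dn and return the problems found."""
    return check_schema(parse_ldif(rebase(text, base_dn)))
```

Run validate() on the full gist text with your own base DN and load it only when the list comes back empty; a leftover DC=EXAMPLE,DC=COM, a wrong oMSyntax, or a class added before the cache flush each shows up as a named problem rather than as an opaque error from the directory.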

ashafer01 commented Feb 9, 2019

Attribute syntaxes were mapped sensibly to AD syntaxes.
