2 # OpenLDAP schema file for Sudo
3 # Save as /etc/openldap/schema/sudo.schema
6 attributetype ( 1.3.6.1.4.1.15953.9.1.1
8 DESC 'User(s) who may run sudo'
9 EQUALITY caseExactIA5Match
10 SUBSTR caseExactIA5SubstringsMatch
11 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
13 attributetype ( 1.3.6.1.4.1.15953.9.1.2
15 DESC 'Host(s) who may run sudo'
16 EQUALITY caseExactIA5Match
17 SUBSTR caseExactIA5SubstringsMatch
18 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
20 attributetype ( 1.3.6.1.4.1.15953.9.1.3
22 DESC 'Command(s) to be executed by sudo'
23 EQUALITY caseExactIA5Match
24 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
26 attributetype ( 1.3.6.1.4.1.15953.9.1.4
28 DESC 'User(s) impersonated by sudo (deprecated)'
29 EQUALITY caseExactIA5Match
30 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
32 attributetype ( 1.3.6.1.4.1.15953.9.1.5
34 DESC 'Options(s) followed by sudo'
35 EQUALITY caseExactIA5Match
36 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
38 attributetype ( 1.3.6.1.4.1.15953.9.1.6
40 DESC 'User(s) impersonated by sudo'
41 EQUALITY caseExactIA5Match
42 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
44 attributetype ( 1.3.6.1.4.1.15953.9.1.7
46 DESC 'Group(s) impersonated by sudo'
47 EQUALITY caseExactIA5Match
48 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
50 attributetype ( 1.3.6.1.4.1.15953.9.1.8
52 DESC 'Start of time interval for which the entry is valid'
53 EQUALITY generalizedTimeMatch
54 ORDERING generalizedTimeOrderingMatch
55 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
57 attributetype ( 1.3.6.1.4.1.15953.9.1.9
59 DESC 'End of time interval for which the entry is valid'
60 EQUALITY generalizedTimeMatch
61 ORDERING generalizedTimeOrderingMatch
62 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
64 attributeTypes ( 1.3.6.1.4.1.15953.9.1.10
66 DESC 'an integer to order the sudoRole entries'
68 ORDERING integerOrderingMatch
69 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
71 objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
74 MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $