I have this log after doing a debug_level=6 in the sudo section and have attached a txt file for the ldbsearch -H /var/lib/sss/db/cache_ai.co.zw.ldb
[root@ironhide ~]# tail -f /var/log/sssd/sssd_sudo.log (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [sysdb_domain_init_internal] (0x0200): DB File for ai.co.zw: /var/lib/sss/db/cache_ai.co.zw.ldb (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [ldb] (0x0400): asq: Unable to register control with rootdse! (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [sss_process_init] (0x0400): Responder Initialization complete (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [sudo_process_init] (0x0400): SUDO Initialization complete (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40c900:doma...@ai.co.zw] (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [sss_dp_get_domains_msg] (0x0400): Sending get domains request for [ai.co.zw][forced][] (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40c900:doma...@ai.co.zw] (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [dp_id_callback] (0x0100): Got id ack and version (1) from DP (Wed Apr 8 10:10:03 2015) [sssd[sudo]] [id_callback] (0x0100): Got id ack and version (1) from Monitor (Wed Apr 8 10:10:04 2015) [sssd[sudo]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x40c900:doma...@ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected! (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Received client version [1]. (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Offered version [1]. (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'admin' matched without domain, user is admin (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'admin' matched without domain, user is admin (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting default options for [admin] from [<ALL>] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [ad...@ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [ad...@ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving default options for [admin] from [ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=admin)(sud oUser=#1468200000)(sudoUser=%admins)(sudoUser=%trust admins)(sudoUser=%admins)(sudoUser=+*))(&(dataExpireTimestamp<=1428480892))) ] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for [<default options>@ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'admin' matched without domain, user is admin (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'admin' matched without domain, user is admin (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for [admin] from [<ALL>] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [ad...@ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [ad...@ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [admin] from [ai.co.zw] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=admin)(sud oUser=#1468200000)(sudoUser=%admins)(sudoUser=%trust admins)(sudoUser=%admins)(sudoUser=+*))(&(dataExpireTimestamp<=1428480892))) ] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=admin)(sudoUser=#14682000 00)(sudoUser=%admins)(sudoUser=%trust admins)(sudoUser=%admins)(sudoUser=+*)))] (Wed Apr 8 10:14:52 2015) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [ad...@ai.co.zw] (Wed Apr 8 10:15:02 2015) [sssd[sudo]] [client_recv] (0x0200): Client disconnected! -----Original Message----- From: Jakub Hrozek [mailto:jhro...@redhat.com] Sent: Wednesday, April 08, 2015 10:07 AM To: Chamambo Martin Cc: freeipa-users@redhat.com; 'Lukas Slebodnik' Subject: Re: [Freeipa-users] FreeIPA, version: 4.1.0 and sudo configuration On Wed, Apr 08, 2015 at 10:00:50AM +0200, Chamambo Martin wrote: > I have these logs and cant seem to make sense of them These are not the logs we asked for. What we need is debug_level=6 in the sudo section, then run sudo, then attach /var/log/sssd/sssd_sudo.log. It would also be nice if you could install ldb-tools and run: ldbsearch -H /var/lib/sss/db/cache_ai.co.zw.ldb To see if the sudo rules were cached at all by the sudo full refresh (see man sssd-sudo for description of the different refreshes sssd does).
# record 1 dn: name=login,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: login ipauniqueid: 5931df0c-d8c0-11e4-9f0b-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=login,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=login,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 2 dn: name=proftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: proftpd ipauniqueid: cbc9010c-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=proftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=proftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysd b # record 3 dn: name=admins,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096032 gidNumber: 1468200000 name: admins objectClass: group isPosix: TRUE originalDN: cn=admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw member: name=admin,cn=users,cn=ai.co.zw,cn=sysdb memberuid: admin orig_member: uid=admin,cn=users,cn=accounts,dc=ai,dc=co,dc=zw originalModifyTimestamp: 20150407175030Z entryUSN: 28639 lastUpdate: 1428479925 dataExpireTimestamp: 1428485325 distinguishedName: name=admins,cn=groups,cn=ai.co.zw,cn=sysdb # record 4 dn: name=ironhide.ai.co.zw,cn=hbac_hosts,cn=custom,cn=ai.co.zw,cn=sysdb fqdn: ironhide.ai.co.zw name: ironhide.ai.co.zw originalDN: fqdn=ironhide.ai.co.zw,cn=computers,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: cn=mailservers,cn=hostgroups,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: ipaUniqueID=bacaa788-dac0-11e4-93fe-525400143fc1,cn=sudorule s,cn=sudo,dc=ai,dc=co,dc=zw originalMemberOf: cn=mailservers,cn=ng,cn=alt,dc=ai,dc=co,dc=zw serverHostname: ironhide sshPublicKey: c3NoLWRzcyBBQUFBQjNOemFDMWtjM01BQUFDQkFJRE5udWVoYmpIK3VTRnRWZUoy dzFETEJiL0Y4TTd5bHZGbUd5VUZVZlArSVRkUWtkMml4ZUdnL0JVVVYrTy9zbk5RRWh6RmMxZi84c 2hqZ0tsWDdCOTZxTWZOK0k4MnZKeVBDbkdRVzAvZEwrbTRMMmZYaEZzOSs2NnZjcnpSTGo2bmZlcU 9zY1B1eWNwK3FJUDlKcStVamJxbTNpZHJ0RDI2MjlXQnZXTTVBQUFBRlFEVGRZVmx1M1JtNzJPeE5 ieEJlc3MzRE56ZlBRQUFBSUErTDFCQnd6YVdvVDBlUUN5VmxPbE9pOUE4enNIUUkwWTk0R2FBN0d3 V01QWkNSRnI4ZlpXWFFubW1lZWwxZmdHbkUvNWp0clY3Y05UWERRbVM2cEhBOGljekRzV3RkMzlLN TF5UE04NmhyKytiaEx2aXVqeDFwOTJQSnZFODVGajhORFlHR1JCUFowM3ZJMlZGK3JPbW5tb2xsSj JYZVZQeTFUTHEvNmNsd2dBQUFJQTFlS09VMEdrT0dKWXFRWFRCcXpBNlRscmJna0FNRXlnOWVaaW1 yZ2lTeVBRTTF5SUtjZytUaGNTUlRNTjFPT1ZKczRCV2p6dm9PR2IzSVk2OVQ5L2tTOTh2VG9wQVp5 VnllbnltNERuWFd3TmY5V1F4RzM4SGRxNXZuVEZTaFhoZW5XR3h3anJXT09sT3g3OUZEWDJTL0ROM XVpOHJvV1g2aDh2ekJoRzVDQT09 sshPublicKey: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBd2VXdTNKMXRTdzV0 MHJhYkZWMzRXZ3FaWHJrUFBuTEg2SWxDY3ZnSFRzQ0lnNmpNNGxWOGhrRUNoMm9aTWtRZktpcGdDN 0FpUHdpTnRqSkNxQ2pTcVFYQldJZTJyMXB2TzVPNmRKMnc3VmhHYWY0T3lNZkZzZTY3bnVrY2MyMz dmOTZrbXkxTVVVWVRVSHBxT1cwTUlMMC9OTXExTzFNRU04YVkxbnZIcDk1RVpHTXF3dU01WStBSkN KbGo0Sks2Ynh3bnA4RkI3MDhSTzRoOGFpZDZXdGh0ZHpFQjJ2WUgrZi96NTdyMmxJNGk3RWNXdEVm K0hBczlCTWlmNjNjVE1OcThhOEVjMzV5Sy8wc3FpdmppVVJ1WW9rSnRsRW1BbEpxZEV3czhhZGZqe lhLSzBPVkxlUkhwaE9UZHlGSU9ydDhHRzhhZmE2dlV5MFN1WktGREV3PT0= uniqueID: 2b90a78a-da47-11e4-9ae8-525400143fc1 distinguishedName: name=ironhide.ai.co.zw,cn=hbac_hosts,cn=custom,cn=ai.co.zw, cn=sysdb # record 5 dn: name=chamambom,cn=users,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096343 fullName: Martin Chamambo gecos: Martin Chamambo gidNumber: 1468200001 homeDirectory: /home/chamambom loginShell: /bin/bash name: chamambom objectClass: user uidNumber: 1468200001 originalDN: uid=chamambom,cn=users,cn=accounts,dc=ai,dc=co,dc=zw userPrincipalName: chamam...@ai.co.zw krbLastPwdChange: 20150401231521Z krbPasswordExpiration: 20150630231521Z memberof: name=ipausers,cn=groups,cn=ai.co.zw,cn=sysdb failedLoginAttempts: 0 ccacheFile: FILE:/tmp/krb5cc_1468200001_iZyDmv cachedPassword: $6$pTj0oneavWD1blkW$XokRKnnjbxoecu.OhMwWGTfvUAvATu78arF1GqVclz LtCq2Wun0LCu7u2w/oEbIMr8pSO3ZitJV42xCPih0jw. lastCachedPasswordChange: 1428399866 lastOnlineAuth: 1428399867 lastLogin: 1428399867 initgrExpireTimestamp: 1428405386 originalMemberOf: cn=ipausers,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw originalModifyTimestamp: 20150407175033Z entryUSN: 28655 lastUpdate: 1428476544 dataExpireTimestamp: 1428481944 distinguishedName: name=chamambom,cn=users,cn=ai.co.zw,cn=sysdb # record 6 dn: name=su-l,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: su-l ipauniqueid: 5935a4fc-d8c0-11e4-8e30-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=su-l,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=su-l,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 7 dn: cn=users,cn=ai.co.zw,cn=sysdb cn: Users distinguishedName: cn=users,cn=ai.co.zw,cn=sysdb # record 8 dn: name=gssftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: gssftp ipauniqueid: cbcf35ae-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=gssftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=gssftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 9 dn: name=mailservers,cn=hbac_hostgroups,cn=custom,cn=ai.co.zw,cn=sysdb name: mailservers originalDN: cn=mailservers,cn=hostgroups,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: ipaUniqueID=bacaa788-dac0-11e4-93fe-525400143fc1,cn=sudorule s,cn=sudo,dc=ai,dc=co,dc=zw originalMemberOf: cn=mailservers,cn=ng,cn=alt,dc=ai,dc=co,dc=zw uniqueID: 31f11bec-dd4d-11e4-a93d-525400143fc1 distinguishedName: name=mailservers,cn=hbac_hostgroups,cn=custom,cn=ai.co.zw,c n=sysdb # record 10 dn: name=pure-ftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: pure-ftpd ipauniqueid: cbf4f4a6-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=pure-ftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sy sdb # record 11 dn: cn=ranges,cn=sysdb cn: ranges distinguishedName: cn=ranges,cn=sysdb # record 12 dn: name=crond,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: crond ipauniqueid: cb83542c-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=crond,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=crond,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 13 dn: name=Sudo,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sysdb cn: Sudo ipauniqueid: 594f209e-d8c0-11e4-9fb9-525400143fc1 objectclass: ipaobject objectclass: ipahbacservicegroup objectclass: nestedGroup objectclass: groupOfNames objectclass: top orig_member: cn=sudo,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=sudo-i,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalDN: cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=Sudo,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sy sdb # record 14 dn: cn=groups,cn=ai.co.zw,cn=sysdb cn: Groups distinguishedName: cn=groups,cn=ai.co.zw,cn=sysdb # record 15 dn: cn=sudorules,cn=custom,cn=ai.co.zw,cn=sysdb cn: sudorules sudoLastFullRefreshTime: 1428480613 distinguishedName: cn=sudorules,cn=custom,cn=ai.co.zw,cn=sysdb # record 16 dn: cn=selinux,cn=ai.co.zw,cn=sysdb createTimestamp: 1428479928 lastUpdate: 1428479928 objectClass: selinux order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0 -s0:c0.c1023 user: unconfined_u:s0-s0:c0.c1023 distinguishedName: cn=selinux,cn=ai.co.zw,cn=sysdb # record 17 dn: name=trust admins,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096032 gidNumber: 0 name: trust admins objectClass: group lastUpdate: 1428096032 dataExpireTimestamp: 1428096031 isPosix: FALSE originalDN: cn=trust admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw member: name=admin,cn=users,cn=ai.co.zw,cn=sysdb memberuid: admin distinguishedName: name=trust admins,cn=groups,cn=ai.co.zw,cn=sysdb # record 18 dn: name=5b138014-d8c0-11e4-88f2-525400143fc1,cn=hbac_rules,cn=custom,cn=ai.co.zw,cn=sysdb accessRuleType: allow cn: allow_all hostCategory: all ipaenabledflag: TRUE ipauniqueid: 5b138014-d8c0-11e4-88f2-525400143fc1 objectclass: ipaassociation objectclass: ipahbacrule originalDN: ipaUniqueID=5b138014-d8c0-11e4-88f2-525400143fc1,cn=hbac,dc=ai,dc= co,dc=zw serviceCategory: all userCategory: all distinguishedName: name=5b138014-d8c0-11e4-88f2-525400143fc1,cn=hbac_rules,cn= custom,cn=ai.co.zw,cn=sysdb # record 19 dn: name=admin,cn=users,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096004 fullName: Administrator gecos: Administrator gidNumber: 1468200000 homeDirectory: /home/admin loginShell: /bin/bash name: admin objectClass: user uidNumber: 1468200000 originalDN: uid=admin,cn=users,cn=accounts,dc=ai,dc=co,dc=zw userPrincipalName: ad...@ai.co.zw krbLastPwdChange: 20150401225414Z krbPasswordExpiration: 20150630225414Z nsAccountLock: FALSE memberof: name=admins,cn=groups,cn=ai.co.zw,cn=sysdb memberof: name=trust admins,cn=groups,cn=ai.co.zw,cn=sysdb failedLoginAttempts: 0 originalMemberOf: cn=admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=ai,dc =co,dc=zw originalMemberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=ai,d c=co,dc=zw originalMemberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=a i,dc=co,dc=zw originalMemberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=a i,dc=co,dc=zw originalMemberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=a i,dc=co,dc=zw originalMemberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn= pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pb ac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,d c=ai,dc=co,dc=zw originalMemberOf: cn=System: Read Replication Agreements,cn=permissions,cn=pba c,dc=ai,dc=co,dc=zw originalMemberOf: cn=Host Enrollment,cn=privileges,cn=pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=System: Add krbPrincipalName to a Host,cn=permissions,cn= pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ai,dc=co, dc=zw originalMemberOf: cn=System: Manage Host Certificates,cn=permissions,cn=pbac,d c=ai,dc=co,dc=zw originalMemberOf: cn=System: Manage Host Enrollment Password,cn=permissions,cn =pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=ai,d c=co,dc=zw originalMemberOf: cn=trust admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw ccacheFile: FILE:/tmp/krb5cc_1468200000_9sn3h8 originalModifyTimestamp: 20150408075739Z entryUSN: 33932 initgrExpireTimestamp: 1428485325 lastUpdate: 1428479925 dataExpireTimestamp: 1428485325 cachedPassword: $6$/aIamxWeMB5TYjBA$5kQvX8sqjSJKtdyxMTzPVbNkhhhOQmCKSQqT19j..N xOHyJfMjdQJDOM47R4QIKqRejKkcFzbZ0tHWDUnqy0p0 lastCachedPasswordChange: 1428479927 lastOnlineAuth: 1428479927 lastLogin: 1428479927 distinguishedName: name=admin,cn=users,cn=ai.co.zw,cn=sysdb # record 20 dn: name=gdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: gdm ipauniqueid: 59462a0c-d8c0-11e4-84ca-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=gdm,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=gdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 21 dn: name=ftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: ftp ipauniqueid: 592cb93c-d8c0-11e4-a4b6-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=ftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=ftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 22 dn: name=ftp,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sysdb cn: ftp ipauniqueid: cbde0444-d8c1-11e4-b74a-525400143fc1 objectclass: top objectclass: ipahbacservicegroup objectclass: ipaobject objectclass: groupOfNames objectclass: nestedGroup orig_member: cn=vsftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=ftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=proftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=gssftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalDN: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=ftp,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sys db # record 23 dn: name=vsftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: vsftpd ipauniqueid: cbd885c8-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=vsftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=vsftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 24 dn: name=mailservers,cn=Netgroups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428428824 name: mailservers objectClass: netgroup originalDN: cn=mailservers,cn=ng,cn=alt,dc=ai,dc=co,dc=zw netgroupTriple: (ironhide.ai.co.zw,-,ai.co.zw) netgroupTriple: (alvin.ai.co.zw,-,ai.co.zw) netgroupTriple: (madagascar.ai.co.zw,-,ai.co.zw) netgroupTriple: (nemo.ai.co.zw,-,ai.co.zw) lastUpdate: 1428478386 dataExpireTimestamp: 1428483786 distinguishedName: name=mailservers,cn=Netgroups,cn=ai.co.zw,cn=sysdb # record 25 dn: name=su,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: su ipauniqueid: 592f4e4a-d8c0-11e4-89f3-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=su,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=su,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 26 dn: name=sshd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: sshd ipauniqueid: 5928eb0e-d8c0-11e4-99e7-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=sshd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=sshd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 27 dn: cn=sysdb cn: sysdb description: base object version: 0.15 distinguishedName: cn=sysdb # record 28 dn: name=sudo,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: sudo ipauniqueid: 59383208-d8c0-11e4-8550-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=sudo,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=sudo,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 29 dn: name=file-commands,cn=sudorules,cn=custom,cn=ai.co.zw,cn=sysdb cn: file-commands dataExpireTimestamp: 1428486013 entryUSN: 28714 name: file-commands objectClass: sudoRule originalDN: cn=file-commands,ou=sudoers,dc=ai,dc=co,dc=zw sudoCommand: /usr/bin/vim sudoCommand: /usr/bin/less sudoHost: +mailservers sudoRunAsGroup: ALL sudoRunAsUser: admin sudoRunAsUser: chamambom sudoRunAsUser: kamoyob sudoRunAsUser: kumalop sudoRunAsUser: machangeteb sudoRunAsUser: masaitit sudoRunAsUser: masvivic sudoRunAsUser: matangiraa sudoRunAsUser: nyahumap sudoRunAsUser: pedzisail sudoRunAsUser: tayengwaj sudoUser: ALL distinguishedName: name=file-commands,cn=sudorules,cn=custom,cn=ai.co.zw,cn=sy sdb # record 30 dn: name=ipausers,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096350 gidNumber: 0 name: ipausers objectClass: group lastUpdate: 1428096350 dataExpireTimestamp: 1428096349 isPosix: FALSE originalDN: cn=ipausers,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw member: name=chamambom,cn=users,cn=ai.co.zw,cn=sysdb memberuid: chamambom distinguishedName: name=ipausers,cn=groups,cn=ai.co.zw,cn=sysdb # record 31 dn: name=chamambom,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096350 gidNumber: 1468200001 name: chamambom objectClass: group isPosix: TRUE originalDN: cn=chamambom,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw originalModifyTimestamp: 20150401231355Z entryUSN: 1532 lastUpdate: 1428476544 dataExpireTimestamp: 1428481944 distinguishedName: name=chamambom,cn=groups,cn=ai.co.zw,cn=sysdb # record 32 dn: name=gdm-password,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: gdm-password ipauniqueid: 5948bdb2-d8c0-11e4-8e2c-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=gdm-password,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=gdm-password,cn=hbac_services,cn=custom,cn=ai.co.zw,cn =sysdb # record 33 dn: cn=ai.co.zw,cn=sysdb cn: ai.co.zw distinguishedName: cn=ai.co.zw,cn=sysdb # record 34 dn: name=kdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: kdm ipauniqueid: 594c9ab8-d8c0-11e4-a159-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=kdm,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=kdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 35 dn: name=sudo-i,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: sudo-i ipauniqueid: 59424888-d8c0-11e4-9ad5-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=sudo-i,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=sudo-i,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # returned 35 records # 35 entries # 0 referrals # record 1 dn: name=login,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: login ipauniqueid: 5931df0c-d8c0-11e4-9f0b-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=login,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=login,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 2 dn: name=proftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: proftpd ipauniqueid: cbc9010c-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=proftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=proftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysd b # record 3 dn: name=admins,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096032 gidNumber: 1468200000 name: admins objectClass: group isPosix: TRUE originalDN: cn=admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw member: name=admin,cn=users,cn=ai.co.zw,cn=sysdb memberuid: admin orig_member: uid=admin,cn=users,cn=accounts,dc=ai,dc=co,dc=zw originalModifyTimestamp: 20150407175030Z entryUSN: 28639 lastUpdate: 1428479925 dataExpireTimestamp: 1428485325 distinguishedName: name=admins,cn=groups,cn=ai.co.zw,cn=sysdb # record 4 dn: name=ironhide.ai.co.zw,cn=hbac_hosts,cn=custom,cn=ai.co.zw,cn=sysdb fqdn: ironhide.ai.co.zw name: ironhide.ai.co.zw originalDN: fqdn=ironhide.ai.co.zw,cn=computers,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: cn=mailservers,cn=hostgroups,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: ipaUniqueID=bacaa788-dac0-11e4-93fe-525400143fc1,cn=sudorule s,cn=sudo,dc=ai,dc=co,dc=zw originalMemberOf: cn=mailservers,cn=ng,cn=alt,dc=ai,dc=co,dc=zw serverHostname: ironhide sshPublicKey: c3NoLWRzcyBBQUFBQjNOemFDMWtjM01BQUFDQkFJRE5udWVoYmpIK3VTRnRWZUoy dzFETEJiL0Y4TTd5bHZGbUd5VUZVZlArSVRkUWtkMml4ZUdnL0JVVVYrTy9zbk5RRWh6RmMxZi84c 2hqZ0tsWDdCOTZxTWZOK0k4MnZKeVBDbkdRVzAvZEwrbTRMMmZYaEZzOSs2NnZjcnpSTGo2bmZlcU 9zY1B1eWNwK3FJUDlKcStVamJxbTNpZHJ0RDI2MjlXQnZXTTVBQUFBRlFEVGRZVmx1M1JtNzJPeE5 ieEJlc3MzRE56ZlBRQUFBSUErTDFCQnd6YVdvVDBlUUN5VmxPbE9pOUE4enNIUUkwWTk0R2FBN0d3 V01QWkNSRnI4ZlpXWFFubW1lZWwxZmdHbkUvNWp0clY3Y05UWERRbVM2cEhBOGljekRzV3RkMzlLN TF5UE04NmhyKytiaEx2aXVqeDFwOTJQSnZFODVGajhORFlHR1JCUFowM3ZJMlZGK3JPbW5tb2xsSj JYZVZQeTFUTHEvNmNsd2dBQUFJQTFlS09VMEdrT0dKWXFRWFRCcXpBNlRscmJna0FNRXlnOWVaaW1 yZ2lTeVBRTTF5SUtjZytUaGNTUlRNTjFPT1ZKczRCV2p6dm9PR2IzSVk2OVQ5L2tTOTh2VG9wQVp5 VnllbnltNERuWFd3TmY5V1F4RzM4SGRxNXZuVEZTaFhoZW5XR3h3anJXT09sT3g3OUZEWDJTL0ROM XVpOHJvV1g2aDh2ekJoRzVDQT09 sshPublicKey: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBQkl3QUFBUUVBd2VXdTNKMXRTdzV0 MHJhYkZWMzRXZ3FaWHJrUFBuTEg2SWxDY3ZnSFRzQ0lnNmpNNGxWOGhrRUNoMm9aTWtRZktpcGdDN 0FpUHdpTnRqSkNxQ2pTcVFYQldJZTJyMXB2TzVPNmRKMnc3VmhHYWY0T3lNZkZzZTY3bnVrY2MyMz dmOTZrbXkxTVVVWVRVSHBxT1cwTUlMMC9OTXExTzFNRU04YVkxbnZIcDk1RVpHTXF3dU01WStBSkN KbGo0Sks2Ynh3bnA4RkI3MDhSTzRoOGFpZDZXdGh0ZHpFQjJ2WUgrZi96NTdyMmxJNGk3RWNXdEVm K0hBczlCTWlmNjNjVE1OcThhOEVjMzV5Sy8wc3FpdmppVVJ1WW9rSnRsRW1BbEpxZEV3czhhZGZqe lhLSzBPVkxlUkhwaE9UZHlGSU9ydDhHRzhhZmE2dlV5MFN1WktGREV3PT0= uniqueID: 2b90a78a-da47-11e4-9ae8-525400143fc1 distinguishedName: name=ironhide.ai.co.zw,cn=hbac_hosts,cn=custom,cn=ai.co.zw, cn=sysdb # record 5 dn: name=chamambom,cn=users,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096343 fullName: Martin Chamambo gecos: Martin Chamambo gidNumber: 1468200001 homeDirectory: /home/chamambom loginShell: /bin/bash name: chamambom objectClass: user uidNumber: 1468200001 originalDN: uid=chamambom,cn=users,cn=accounts,dc=ai,dc=co,dc=zw userPrincipalName: chamam...@ai.co.zw krbLastPwdChange: 20150401231521Z krbPasswordExpiration: 20150630231521Z memberof: name=ipausers,cn=groups,cn=ai.co.zw,cn=sysdb failedLoginAttempts: 0 ccacheFile: FILE:/tmp/krb5cc_1468200001_iZyDmv cachedPassword: $6$pTj0oneavWD1blkW$XokRKnnjbxoecu.OhMwWGTfvUAvATu78arF1GqVclz LtCq2Wun0LCu7u2w/oEbIMr8pSO3ZitJV42xCPih0jw. lastCachedPasswordChange: 1428399866 lastOnlineAuth: 1428399867 lastLogin: 1428399867 initgrExpireTimestamp: 1428405386 originalMemberOf: cn=ipausers,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw originalModifyTimestamp: 20150407175033Z entryUSN: 28655 lastUpdate: 1428476544 dataExpireTimestamp: 1428481944 distinguishedName: name=chamambom,cn=users,cn=ai.co.zw,cn=sysdb # record 6 dn: name=su-l,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: su-l ipauniqueid: 5935a4fc-d8c0-11e4-8e30-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=su-l,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=su-l,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 7 dn: cn=users,cn=ai.co.zw,cn=sysdb cn: Users distinguishedName: cn=users,cn=ai.co.zw,cn=sysdb # record 8 dn: name=gssftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: gssftp ipauniqueid: cbcf35ae-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=gssftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=gssftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 9 dn: name=mailservers,cn=hbac_hostgroups,cn=custom,cn=ai.co.zw,cn=sysdb name: mailservers originalDN: cn=mailservers,cn=hostgroups,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: ipaUniqueID=bacaa788-dac0-11e4-93fe-525400143fc1,cn=sudorule s,cn=sudo,dc=ai,dc=co,dc=zw originalMemberOf: cn=mailservers,cn=ng,cn=alt,dc=ai,dc=co,dc=zw uniqueID: 31f11bec-dd4d-11e4-a93d-525400143fc1 distinguishedName: name=mailservers,cn=hbac_hostgroups,cn=custom,cn=ai.co.zw,c n=sysdb # record 10 dn: name=pure-ftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: pure-ftpd ipauniqueid: cbf4f4a6-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=pure-ftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sy sdb # record 11 dn: cn=ranges,cn=sysdb cn: ranges distinguishedName: cn=ranges,cn=sysdb # record 12 dn: name=crond,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: crond ipauniqueid: cb83542c-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=crond,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=crond,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 13 dn: name=Sudo,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sysdb cn: Sudo ipauniqueid: 594f209e-d8c0-11e4-9fb9-525400143fc1 objectclass: ipaobject objectclass: ipahbacservicegroup objectclass: nestedGroup objectclass: groupOfNames objectclass: top orig_member: cn=sudo,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=sudo-i,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalDN: cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=Sudo,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sy sdb # record 14 dn: cn=groups,cn=ai.co.zw,cn=sysdb cn: Groups distinguishedName: cn=groups,cn=ai.co.zw,cn=sysdb # record 15 dn: cn=sudorules,cn=custom,cn=ai.co.zw,cn=sysdb cn: sudorules sudoLastFullRefreshTime: 1428480613 distinguishedName: cn=sudorules,cn=custom,cn=ai.co.zw,cn=sysdb # record 16 dn: cn=selinux,cn=ai.co.zw,cn=sysdb createTimestamp: 1428479928 lastUpdate: 1428479928 objectClass: selinux order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0 -s0:c0.c1023 user: unconfined_u:s0-s0:c0.c1023 distinguishedName: cn=selinux,cn=ai.co.zw,cn=sysdb # record 17 dn: name=trust admins,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096032 gidNumber: 0 name: trust admins objectClass: group lastUpdate: 1428096032 dataExpireTimestamp: 1428096031 isPosix: FALSE originalDN: cn=trust admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw member: name=admin,cn=users,cn=ai.co.zw,cn=sysdb memberuid: admin distinguishedName: name=trust admins,cn=groups,cn=ai.co.zw,cn=sysdb # record 18 dn: name=5b138014-d8c0-11e4-88f2-525400143fc1,cn=hbac_rules,cn=custom,cn=ai.co.zw,cn=sysdb accessRuleType: allow cn: allow_all hostCategory: all ipaenabledflag: TRUE ipauniqueid: 5b138014-d8c0-11e4-88f2-525400143fc1 objectclass: ipaassociation objectclass: ipahbacrule originalDN: ipaUniqueID=5b138014-d8c0-11e4-88f2-525400143fc1,cn=hbac,dc=ai,dc= co,dc=zw serviceCategory: all userCategory: all distinguishedName: name=5b138014-d8c0-11e4-88f2-525400143fc1,cn=hbac_rules,cn= custom,cn=ai.co.zw,cn=sysdb # record 19 dn: name=admin,cn=users,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096004 fullName: Administrator gecos: Administrator gidNumber: 1468200000 homeDirectory: /home/admin loginShell: /bin/bash name: admin objectClass: user uidNumber: 1468200000 originalDN: uid=admin,cn=users,cn=accounts,dc=ai,dc=co,dc=zw userPrincipalName: ad...@ai.co.zw krbLastPwdChange: 20150401225414Z krbPasswordExpiration: 20150630225414Z nsAccountLock: FALSE memberof: name=admins,cn=groups,cn=ai.co.zw,cn=sysdb memberof: name=trust admins,cn=groups,cn=ai.co.zw,cn=sysdb failedLoginAttempts: 0 originalMemberOf: cn=admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw originalMemberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=ai,dc =co,dc=zw originalMemberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=ai,d c=co,dc=zw originalMemberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=a i,dc=co,dc=zw originalMemberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=a i,dc=co,dc=zw originalMemberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=a i,dc=co,dc=zw originalMemberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn= pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pb ac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,d c=ai,dc=co,dc=zw originalMemberOf: cn=System: Read Replication Agreements,cn=permissions,cn=pba c,dc=ai,dc=co,dc=zw originalMemberOf: cn=Host Enrollment,cn=privileges,cn=pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=System: Add krbPrincipalName to a Host,cn=permissions,cn= pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=System: Enroll a Host,cn=permissions,cn=pbac,dc=ai,dc=co, dc=zw originalMemberOf: cn=System: Manage Host Certificates,cn=permissions,cn=pbac,d c=ai,dc=co,dc=zw originalMemberOf: cn=System: Manage Host Enrollment Password,cn=permissions,cn =pbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=System: Manage Host Keytab,cn=permissions,cn=pbac,dc=ai,d c=co,dc=zw originalMemberOf: cn=trust admins,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw ccacheFile: FILE:/tmp/krb5cc_1468200000_9sn3h8 originalModifyTimestamp: 20150408075739Z entryUSN: 33932 initgrExpireTimestamp: 1428485325 lastUpdate: 1428479925 dataExpireTimestamp: 1428485325 cachedPassword: $6$/aIamxWeMB5TYjBA$5kQvX8sqjSJKtdyxMTzPVbNkhhhOQmCKSQqT19j..N xOHyJfMjdQJDOM47R4QIKqRejKkcFzbZ0tHWDUnqy0p0 lastCachedPasswordChange: 1428479927 lastOnlineAuth: 1428479927 lastLogin: 1428479927 distinguishedName: name=admin,cn=users,cn=ai.co.zw,cn=sysdb # record 20 dn: name=gdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: gdm ipauniqueid: 59462a0c-d8c0-11e4-84ca-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=gdm,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=gdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 21 dn: name=ftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: ftp ipauniqueid: 592cb93c-d8c0-11e4-a4b6-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=ftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=ftp,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 22 dn: name=ftp,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sysdb cn: ftp ipauniqueid: cbde0444-d8c1-11e4-b74a-525400143fc1 objectclass: top objectclass: ipahbacservicegroup objectclass: ipaobject objectclass: groupOfNames objectclass: nestedGroup orig_member: cn=vsftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=ftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=proftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=pure-ftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw orig_member: cn=gssftp,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalDN: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=ftp,cn=hbac_servicegroups,cn=custom,cn=ai.co.zw,cn=sys db # record 23 dn: name=vsftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: vsftpd ipauniqueid: cbd885c8-d8c1-11e4-b74a-525400143fc1 objectclass: ipaobject objectclass: ipahbacservice originalDN: cn=vsftpd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=ftp,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=vsftpd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 24 dn: name=mailservers,cn=Netgroups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428428824 name: mailservers objectClass: netgroup originalDN: cn=mailservers,cn=ng,cn=alt,dc=ai,dc=co,dc=zw netgroupTriple: (ironhide.ai.co.zw,-,ai.co.zw) netgroupTriple: (alvin.ai.co.zw,-,ai.co.zw) netgroupTriple: (madagascar.ai.co.zw,-,ai.co.zw) netgroupTriple: (nemo.ai.co.zw,-,ai.co.zw) lastUpdate: 1428478386 dataExpireTimestamp: 1428483786 distinguishedName: name=mailservers,cn=Netgroups,cn=ai.co.zw,cn=sysdb # record 25 dn: name=su,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: su ipauniqueid: 592f4e4a-d8c0-11e4-89f3-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=su,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=su,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 26 dn: name=sshd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: sshd ipauniqueid: 5928eb0e-d8c0-11e4-99e7-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=sshd,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=sshd,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 27 dn: cn=sysdb cn: sysdb description: base object version: 0.15 distinguishedName: cn=sysdb # record 28 dn: name=sudo,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: sudo ipauniqueid: 59383208-d8c0-11e4-8550-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=sudo,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=sudo,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 29 dn: name=file-commands,cn=sudorules,cn=custom,cn=ai.co.zw,cn=sysdb cn: file-commands dataExpireTimestamp: 1428486013 entryUSN: 28714 name: file-commands objectClass: sudoRule originalDN: cn=file-commands,ou=sudoers,dc=ai,dc=co,dc=zw sudoCommand: /usr/bin/vim sudoCommand: /usr/bin/less sudoHost: +mailservers sudoRunAsGroup: ALL sudoRunAsUser: admin sudoRunAsUser: chamambom sudoRunAsUser: kamoyob sudoRunAsUser: kumalop sudoRunAsUser: machangeteb sudoRunAsUser: masaitit sudoRunAsUser: masvivic sudoRunAsUser: matangiraa sudoRunAsUser: nyahumap sudoRunAsUser: pedzisail sudoRunAsUser: tayengwaj sudoUser: ALL distinguishedName: name=file-commands,cn=sudorules,cn=custom,cn=ai.co.zw,cn=sy sdb # record 30 dn: name=ipausers,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096350 gidNumber: 0 name: ipausers objectClass: group lastUpdate: 1428096350 dataExpireTimestamp: 1428096349 isPosix: FALSE originalDN: cn=ipausers,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw member: name=chamambom,cn=users,cn=ai.co.zw,cn=sysdb memberuid: chamambom distinguishedName: name=ipausers,cn=groups,cn=ai.co.zw,cn=sysdb # record 31 dn: name=chamambom,cn=groups,cn=ai.co.zw,cn=sysdb createTimestamp: 1428096350 gidNumber: 1468200001 name: chamambom objectClass: group isPosix: TRUE originalDN: cn=chamambom,cn=groups,cn=accounts,dc=ai,dc=co,dc=zw originalModifyTimestamp: 20150401231355Z entryUSN: 1532 lastUpdate: 1428476544 dataExpireTimestamp: 1428481944 distinguishedName: name=chamambom,cn=groups,cn=ai.co.zw,cn=sysdb # record 32 dn: name=gdm-password,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: gdm-password ipauniqueid: 5948bdb2-d8c0-11e4-8e2c-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=gdm-password,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=gdm-password,cn=hbac_services,cn=custom,cn=ai.co.zw,cn =sysdb # record 33 dn: cn=ai.co.zw,cn=sysdb cn: ai.co.zw distinguishedName: cn=ai.co.zw,cn=sysdb # record 34 dn: name=kdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: kdm ipauniqueid: 594c9ab8-d8c0-11e4-a159-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=kdm,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=kdm,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # record 35 dn: name=sudo-i,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb cn: sudo-i ipauniqueid: 59424888-d8c0-11e4-9ad5-525400143fc1 objectclass: ipahbacservice objectclass: ipaobject originalDN: cn=sudo-i,cn=hbacservices,cn=hbac,dc=ai,dc=co,dc=zw originalMemberOf: cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=ai,dc=co,dc=zw distinguishedName: name=sudo-i,cn=hbac_services,cn=custom,cn=ai.co.zw,cn=sysdb # returned 35 records # 35 entries # 0 referrals
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project