[sudo-users] sudo & LDAP (not working)
Chris Martino
Chris.Martino at tsysprepaid.com
Tue Mar 8 17:18:01 EST 2005
Hello,
I'm trying to get sudoers into LDAP and I'm mostly there. Everything has
been ported across and /etc/ldap.conf set up, but testing it with a simple
'sudo -u user ls' fails. Here's my output:
server:/home/chris # sudo -u chris ls
LDAP Config Summary
===================
host 127.0.0.1
port 389
ldap_version 3
sudoers_base ou=Sudoers,o=TSYS,c=US
binddn (anonymous)
bindpw (anonymous)
ssl on
===================
ldap_init(127.0.0.1,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
found:cn=defaults,ou=Sudoers,o=TSYS,c=US
ldap sudoOption: 'ignore_local_sudoers'
ldap search
'(|(sudoUser=root)(sudoUser=%root)(sudoUser=%root)(sudoUser=%wheel)(sudoUser=%wheel)(sudoUser=%priv)(sudoUser=%pkcs11)(sudoUser=%pkcs11)(sudoUser=%perldb2)(sudoUser=ALL))'
found:cn=root,ou=Sudoers,o=TSYS,c=US
ldap sudoHost 'ALL' ... MATCH!
ldap sudoCommand 'ALL' ... MATCH!
ldap search 'sudoUser=+*'
user_matches=-1
host_matches=-1
sudo_ldap_check(0)=0x04
Sorry, user root is not allowed to execute '/bin/ls' as chris on server.
Any ideas what's going on here? Here's what my LDAP schema looks like for
the sudoers OU:
# Sudoers, TSYS, US
dn: ou=Sudoers,o=TSYS,c=US
ou: Sudoers
objectClass: top
objectClass: organizationalUnit
# defaults, Sudoers, TSYS, US
dn: cn=defaults,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: ignore_local_sudoers
# root, Sudoers, TSYS, US
dn: cn=root,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoCommand: ALL
# %users, Sudoers, TSYS, US
dn: cn=%users,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: %users
sudoUser: %users
sudoHost: ALL
sudoCommand: ALL
Any help is greatly appreciated!
Thanks,
Chris
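To make the matching steps in the debug output above concrete, here is an added example (my own illustration, not sudo's ldap.c and not part of the original post) that parses sudoRole entries like the ones posted and walks them the way sudo does: sudoUser (user, %group, ALL), then sudoHost, then the runas user, then sudoCommand. The sample LDIF is constructed from the three entries in the post plus one hypothetical extra entry, cn=root-as-chris, that carries a sudoRunAs attribute. Two things are assumptions, not facts taken from the page: that a role with no sudoRunAs attribute only allows the runas default (root, as with runas_default in a sudoers file), and that +netgroup entries, which need a netgroup lookup, are simply treated as non-matching.

```python
"""Emulate sudo's LDAP sudoRole matching over constructed LDIF entries.
Added illustration only; it is not sudo's own code."""

# Constructed LDIF: the entries from the post, plus a hypothetical
# cn=root-as-chris entry (assumption) showing a sudoRunAs attribute.
SAMPLE_LDIF = """\
dn: ou=Sudoers,o=TSYS,c=US
ou: Sudoers
objectClass: top
objectClass: organizationalUnit

dn: cn=defaults,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: ignore_local_sudoers

dn: cn=root,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoCommand: ALL

dn: cn=%users,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: %users
sudoUser: %users
sudoHost: ALL
sudoCommand: ALL

dn: cn=root-as-chris,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: root-as-chris
sudoUser: root
sudoHost: ALL
sudoRunAs: chris
sudoCommand: /bin/ls
"""

# Assumption: a role without sudoRunAs only permits the runas default.
RUNAS_DEFAULT = "root"


def parse_ldif(text):
    """Parse minimal LDIF (no base64 values, no line folding) into a list of
    {attribute: [values]} dicts, one per blank-line-separated entry."""
    entries, cur = [], {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip(), []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries


def sudo_roles(entries):
    """Keep only sudoRole entries that grant something (cn=defaults has no sudoUser)."""
    return [e for e in entries
            if "sudoRole" in e.get("objectClass", []) and "sudoUser" in e]


def sudo_user_filter(user, groups):
    """Build the sudoUser search filter in the same shape as sudo's debug output."""
    parts = [f"(sudoUser={user})"]
    parts += [f"(sudoUser=%{g})" for g in groups]
    parts.append("(sudoUser=ALL)")
    return "(|" + "".join(parts) + ")"


def user_matches(values, user, groups):
    for v in values:
        if v == "ALL" or v == user:
            return True
        if v.startswith("%") and v[1:] in groups:
            return True
        # "+netgroup" would need a netgroup lookup; treated as no match here.
    return False


def host_matches(values, host):
    return any(v == "ALL" or v == host for v in values)


def runas_matches(values, runas):
    if not values:                      # no sudoRunAs on the role
        return runas == RUNAS_DEFAULT
    return any(v == "ALL" or v == runas for v in values)


def command_matches(values, command):
    for v in values:
        if v == "ALL" or v.split()[0] == command:   # arguments ignored here
            return True
    return False


def sudo_ldap_check(roles, user, groups, host, runas, command):
    """Return the dn of the first role that grants the request, else None."""
    for role in roles:
        if not user_matches(role.get("sudoUser", []), user, groups):
            continue
        if not host_matches(role.get("sudoHost", []), host):
            continue
        if not runas_matches(role.get("sudoRunAs", []), runas):
            continue
        if command_matches(role.get("sudoCommand", []), command):
            return role["dn"][0]
    return None


ROLES = sudo_roles(parse_ldif(SAMPLE_LDIF))
```

Calling sudo_ldap_check(ROLES, "root", ["root", "wheel"], "server", "root", "/bin/ls") is granted by cn=root, while the same request with runas "chris" passes over cn=root (no sudoRunAs, so only the default root) and is granted by the hypothetical cn=root-as-chris entry only for /bin/ls; a user in the users group is granted by cn=%users for runas root and nothing else.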