[sudo-users] sudo and edirectory
frank.proessdorf at ibb.de
Thu Mar 2 07:43:38 EST 2006
Hello,
I already implemented user authentication against LDAP (OpenLDAP,
eDirectory) and that works. Now I wanted to run sudo with the same
authentication mechanism. With the OpenLDAP Server it runs fine, but it
doesn't with the eDirectory.
Output of the sudo Debug with the eDirectory server:
LDAP Config Summary
===================
uri ldap://xyz.de
ldap_version 3
sudoers_base ou=abt,o=firma
binddn cn=Unix-Query,o=firma
bindpw secret
ssl (no)
==================
ldap_initialize(ld,ldap://xyz.de)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
no default options found!
ldap search '(|(sudoUser=endor)(sudoUser=ALL))'
ldap search 'sudoUser=+*'
user_matches=0
host_matches=0
sudo_ldap_check(0)=0x44
If I do those queries manually, the first one works
('(|(sudoUser=endor)(sudoUser=ALL))') and the second one doesn't.
Doing the same thing with OpenLDAP Server shows:
LDAP Config Summary
===================
uri ldap://xyz2.de
ldap_version 3
sudoers_base ou=SUDOers,o=firma,c=de
binddn (anonymous)
bindpw (anonymous)
ssl (no)
===================
ldap_initialize(ld,ldap://xyz2.de)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
no default options found!
ldap search '(|(sudoUser=endor)(sudoUser=%users)(sudoUser=%users)(sudoUser=%mygroup)(sudoUser=ALL))'
found:cn=endor,ou=SUDOers,o=firma,c=de
ldap sudoHost 'ALL' ... MATCH!
ldap sudoCommand 'ALL' ... MATCH!
Why's the query different here?
Anybody have any hints as to what I should change?
Best Regards,
Frank Proessdorf