[sudo-users] sudo - LDAP and netgroups

Andreas Hasenack ahasenack at terra.com.br
Thu Oct 11 16:59:41 EDT 2007


On Thu, 2007-10-11 at 21:38 +0200, Jo De Troy wrote:
> Hello Andreas,
> 
> with the sudoRole as is sudoUser: jdoe it works. But when I switch the
> sudoUser to +LinuxAdmins it fails.
> The nsswitch.conf is set up correctly; I can query the netgroup with
> the getent command. Could this be a RedHat/CentOS specific bug? Or is
> it related to the version of sudo?
> On the LDAP server side I see the query coming in all right, I also
> saw that with the debug mode on in /etc/ldap.conf. Sudo finds the
> netgroups but for some reason it does not see the entries in the
> netgroups or fails to find the entry of the user running sudo -l.
> Any ideas? How could I debug further? I already have sudoers_debug 3
> in the /etc/ldap.conf.

Try using (,jdoe,) instead of (-,jdoe,-) in the nisNetgroupTriple
attribute. Not sure if it will help, but here for hosts netgroups I use
just (hostname,,) and it works.
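
The difference between the two triple forms can be seen with a small model of netgroup matching. This is an added example, not part of the original message and not sudo's or the C library's code; it assumes the conventional innetgr(3) rules (an empty field matches anything, "-" matches no real value, a query argument left out is not checked), and `in_netgroup`, the host names and the domain are constructed for illustration.

```python
import re

# "(host,user,domain)" as stored in a nisNetgroupTriple attribute value.
TRIPLE_RE = re.compile(r"^\(\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*\)$")


def parse_triple(text):
    """Return (host, user, domain); an empty field becomes None (wildcard)."""
    m = TRIPLE_RE.match(text.strip())
    if m is None:
        raise ValueError("not a netgroup triple: %r" % text)
    return tuple(field or None for field in m.groups())


def field_matches(entry, query):
    """Assumed rule: a missing value on either side means 'do not check'."""
    if entry is None or query is None:
        return True
    # "-" is an ordinary string here; it never equals a real host, user or
    # domain name, so a field holding "-" fails whenever that field is checked.
    return entry == query


def in_netgroup(triples, host=None, user=None, domain=None):
    """Model of innetgr(3): true if any triple matches every supplied field."""
    query = (host, user, domain)
    return any(
        all(field_matches(e, q) for e, q in zip(parse_triple(t), query))
        for t in triples
    )


# Constructed sample values mirroring the two forms discussed in the thread.
WITH_DASHES = ["(-,jdoe,-)"]
WITH_EMPTY = ["(,jdoe,)"]
HOST_GROUP = ["(web01,,)"]  # constructed host name

if __name__ == "__main__":
    for label, triples in (("dashes", WITH_DASHES), ("empty", WITH_EMPTY)):
        print(label,
              "user only:", in_netgroup(triples, user="jdoe"),
              "| user+domain:", in_netgroup(triples, user="jdoe", domain="example.com"))
```

In this model the "-" form only matches when the caller checks the user field alone; as soon as a host or domain is also passed to the lookup, only the empty-field form still matches.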



