[sudo-users] Sudo using LDAP and RedHat/ Fedora directory server 8
Jan-Frode Myklebust
mykleb at no.ibm.com
Fri May 15 08:35:17 EDT 2009
On 2009-05-14, Aaron Ceraldi <aaron.ceraldi at cybera.net> wrote:
>
> I have been struggling for days now trying to get sudo via LDAP to work
> properly, from what I can tell RHDS 8 comes with the sudo schema built
> in and I have created an ACI to names SUDOers and added a user to it. On
> the server authing via LDAP works perfectly and I have added
> "sudoers_base cn=SUDOers,dc=dmark1,dc=domain,dc=net" to the ldap.conf
> file. When I try and sudo I get: "aceraldi is not in the sudoers file.
> This incident will be reported." I am probably just missing something
> but I'm very new to LDAP on Linux.
>
I don't quite understand what you mean by adding an "ACI to names SUDOers";
at least it doesn't sound like how we're using sudoers with LDAP. We have
an ou=SUDOers,dc=example,dc=net where we put our sudo rules, and they look
like this, for example, giving root access to do everything on all hosts:

dn: cn=root,ou=SUDOers,dc=example,dc=net
changetype: add
objectClass: top
objectClass: sudoRole
sudoHost: ALL
sudoCommand: ALL
sudoUser: root
sudoRunAs: ALL
cn: root

-jf
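
Added example, not part of the original thread and not sudo's own code: a simplified Python model of how sudo selects sudoRole entries under sudoers_base, showing why a user with no matching sudoRole gets "not in the sudoers file". The group-style entry, the uid, and the host name web01 are constructed assumptions; the model covers only plain user, %group and ALL matching on unfolded, non-base64 LDIF.

```python
# Simplified model of sudo's LDAP rule lookup (illustration only, not sudo's code).
# SAMPLE_LDIF is constructed: one sudoRole as in the reply above, plus a
# hypothetical non-sudoRole entry that merely lists a user as a member.
SAMPLE_LDIF = """\
dn: cn=root,ou=SUDOers,dc=example,dc=net
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoCommand: ALL

dn: cn=SUDOers,dc=example,dc=net
objectClass: groupOfUniqueNames
cn: SUDOers
uniqueMember: uid=aceraldi,ou=People,dc=example,dc=net
"""

def parse_ldif(text):
    """Parse unfolded 'attr: value' records into dicts of lowercase attr -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm_dn(dn):
    """Lowercase a DN and drop spaces around commas so DNs compare reliably."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def matching_roles(entries, base, user, host, groups=()):
    """Return cn of each sudoRole at or below base that matches user and host."""
    base = norm_dn(base)
    wanted_users = {user, "ALL"} | {"%" + g for g in groups}
    hits = []
    for e in entries:
        dn = norm_dn(e["dn"][0])
        in_scope = dn == base or dn.endswith("," + base)
        is_role = "sudorole" in (v.lower() for v in e.get("objectclass", []))
        if not (in_scope and is_role):
            continue  # outside sudoers_base, or not a sudo rule at all
        if wanted_users & set(e.get("sudouser", [])) and \
                {"ALL", host} & set(e.get("sudohost", [])):
            hits.append(e["cn"][0])
    return hits
```
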