[sudo-users] LDAP sudoHost does not match host netgroup
Julien PAWLAK
julien at pwlk.fr
Tue Nov 10 04:07:10 MST 2015
Hi all,
I use LDAP and SUDO to manage hosts and users, and I have a problem with
sudoHost and netgroup.
Here you can see the entry for the admin users, for example:
*ldapsearch -x "(cn=admin)"*
# extended LDIF
#
# LDAPv3
# base <dc=pwlk,dc=fr> (default) with scope subtree
# filter: (cn=admin)
# requesting: ALL
#
# admin, people, netgroup, pwlk.fr
dn: cn=admin,ou=people,ou=netgroup,dc=pwlk,dc=fr
objectClass: nisNetgroup
objectClass: top
cn: admin
nisNetgroupTriple: (,flac,)
Entry for hosts:
*ldapsearch -x "(cn=dc1)"*
# extended LDIF
#
# LDAPv3
# base <dc=pwlk,dc=fr> (default) with scope subtree
# filter: (cn=dc1)
# requesting: ALL
#
# dc1, hosts, netgroup, pwlk.fr
dn: cn=dc1,ou=hosts,ou=netgroup,dc=pwlk,dc=fr
objectClass: nisNetgroup
objectClass: top
cn: dc1
nisNetgroupTriple: (dediflac-1,,)
Entry for sudo:
*ldapsearch -x "(cn=sudo_dc1)"*
# extended LDIF
#
# LDAPv3
# base <dc=pwlk,dc=fr> (default) with scope subtree
# filter: (cn=sudo_dc1)
# requesting: ALL
#
# sudo_dc1, admin, sudo, pwlk.fr
dn: cn=sudo_dc1,ou=admin,ou=sudo,dc=pwlk,dc=fr
objectClass: sudoRole
objectClass: top
sudoRunAs: ALL
sudoCommand: ALL
sudoUser: +admin
sudoHost: +dc1
cn: sudo_dc1
Result of the hostname command:
*hostname*
dediflac-1
Result of the whoami command:
*whoami*
flac
And when I execute a command on host dediflac-1 as user flac with sudo
debug, I get this output:
*flac at dediflac-1:~$ sudo ls *
LDAP Config Summary
===================
uri ldap://123.123.123.123
ldap_version 3
sudoers_base ou=sudo,dc=pwlk,dc=fr
binddn cn=admin,dc=pwlk,dc=fr
bindpw XXXXXXX
ssl (no)
===================
sudo: ldap_initialize(ld, ldap://123.123.123.123)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudo,dc=pwlk,dc=fr
sudo: ldap sudoOption: 'env_keep+=SSH_AUTH_SOCK'
sudo: ldap search
'(|(sudoUser=flac)(sudoUser=%readonly)(sudoUser=%admin)(sudoUser=ALL))'
sudo: found:cn=sudo_dc1,ou=admin,ou=sudo,dc=pwlk,dc=fr
sudo: ldap sudoUser netgroup '+admin' ... MATCH!
*sudo: ldap sudoHost '+dc1' ... not*
sudo: user_matches=1
sudo: host_matches=0
sudo: sudo_ldap_lookup(0)=0x40
Host does not match...
Do you have any idea about my problem?
Thanks
Julien
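The triples in the post can be checked by hand against innetgr(3) semantics: a netgroup triple is (host,user,domain) and an empty field is a wildcard. The script below is an added example, not sudo's own code. It parses the nisNetgroupTriple values from the entries above into a table and applies innetgr-style matching, which is what sudo's LDAP backend normally delegates to via the C library (and therefore to the netgroup source configured in nsswitch.conf). A triple that matches here but not in sudo's debug output points at that lookup path rather than at the LDAP data itself. The nested all_hosts netgroup, the FQDN and all function names are constructed for the example.

```python
"""innetgr(3)-style netgroup matching for the LDAP entries shown in the post.

Added example, not sudo's own code. Function names are this example's own.
"""
from typing import Dict, List, Optional, Tuple

# Constructed sample: the two nisNetgroup entries from the post, plus a nested
# netgroup (all_hosts) added here to exercise memberNisNetgroup.
SAMPLE_LDIF = """\
dn: cn=admin,ou=people,ou=netgroup,dc=pwlk,dc=fr
objectClass: nisNetgroup
cn: admin
nisNetgroupTriple: (,flac,)

dn: cn=dc1,ou=hosts,ou=netgroup,dc=pwlk,dc=fr
objectClass: nisNetgroup
cn: dc1
nisNetgroupTriple: (dediflac-1,,)

dn: cn=all_hosts,ou=hosts,ou=netgroup,dc=pwlk,dc=fr
objectClass: nisNetgroup
cn: all_hosts
memberNisNetgroup: dc1
"""

Triple = Tuple[str, str, str]  # (host, user, domain); "" means wildcard
Netgroups = Dict[str, Dict[str, List]]


def parse_netgroups(ldif: str) -> Netgroups:
    """Return {netgroup: {"triples": [...], "members": [...]}} from LDIF text.

    Only cn, nisNetgroupTriple and memberNisNetgroup are read; a blank line
    ends the current entry, as in LDIF.
    """
    groups: Netgroups = {}
    current: Optional[str] = None
    for raw in ldif.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip(), value.strip()
        if attr == "cn":
            current = value
            groups.setdefault(current, {"triples": [], "members": []})
        elif current is None:
            continue
        elif attr == "nisNetgroupTriple":
            fields = [f.strip() for f in value.strip("()").split(",")]
            if len(fields) != 3:
                raise ValueError(f"malformed triple in {current}: {value!r}")
            groups[current]["triples"].append(tuple(fields))
        elif attr == "memberNisNetgroup":
            groups[current]["members"].append(value)
    return groups


def innetgr(groups: Netgroups, netgroup: str, host: Optional[str] = None,
            user: Optional[str] = None, domain: Optional[str] = None,
            _seen: Optional[set] = None) -> bool:
    """Mimic innetgr(3): None means the caller does not care about that field,
    an empty field in a triple matches anything. Host names compare
    case-insensitively; user and domain compare exactly."""
    _seen = _seen if _seen is not None else set()
    if netgroup in _seen or netgroup not in groups:
        return False  # unknown or cyclic netgroup never matches
    _seen.add(netgroup)

    def ok(want: Optional[str], have: str, fold: bool) -> bool:
        if want is None or have == "":
            return True
        return want.lower() == have.lower() if fold else want == have

    for h, u, d in groups[netgroup]["triples"]:
        if ok(host, h, True) and ok(user, u, False) and ok(domain, d, False):
            return True
    # Recurse into nested netgroups (memberNisNetgroup).
    return any(innetgr(groups, m, host, user, domain, _seen)
               for m in groups[netgroup]["members"])


def sudo_user_matches(groups: Netgroups, sudo_user: str, user: str) -> bool:
    """Simplified sudoUser check: ALL, a +netgroup, or a literal user name."""
    if sudo_user == "ALL":
        return True
    if sudo_user.startswith("+"):
        return innetgr(groups, sudo_user[1:], user=user)
    return sudo_user == user


def sudo_host_matches(groups: Netgroups, sudo_host: str,
                      shost: str, lhost: str) -> bool:
    """Simplified sudoHost check: ALL, a +netgroup, or a literal host name.
    For a netgroup the long (FQDN) name is tried first, then the short name."""
    if sudo_host == "ALL":
        return True
    if sudo_host.startswith("+"):
        ng = sudo_host[1:]
        return innetgr(groups, ng, host=lhost) or innetgr(groups, ng, host=shost)
    return sudo_host.lower() in (shost.lower(), lhost.lower())


if __name__ == "__main__":
    g = parse_netgroups(SAMPLE_LDIF)
    # The post only shows the short host name; the FQDN here is constructed.
    print("sudoUser +admin / flac      :", sudo_user_matches(g, "+admin", "flac"))
    print("sudoHost +dc1 / dediflac-1  :",
          sudo_host_matches(g, "+dc1", "dediflac-1", "dediflac-1.example.test"))
```

Running it shows both the user and the host triple matching under innetgr(3) rules, i.e. the data in the post is consistent with sudoHost: +dc1 on dediflac-1; the script can also be pointed at a real ldapsearch dump to confirm that a host name sudo reports as "not" matching is really absent from every triple.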