[sudo-users] sudo and ldap
Darran Carey
darran.carey at pawsey.org.au
Tue Feb 23 08:07:08 MST 2016
Hi all,

We currently have sudo integration with our test LDAP server (389
directory server) working very nicely for both SLES and CentOS clients.

There is one issue to resolve before considering moving this into
production. We allow anonymous binds to our LDAP servers which means any
user can search the SUDOERS ou. I would equate this with running with
world-readable /etc/sudoers.

Is it possible to tighten the security of the SUDOERS ou and still allow
users to bind anonymously for general LDAP searches, or is the only way
to implement this to have a separate bind DN? Does anyone have any
experience with sudo/LDAP integration that they would be willing to
share?

Regards,
Darran.