Sudo + LDAP

Aaron Spangler as at
Mon Oct 13 11:05:50 EDT 2003

The patch was released to Todd Friday (10/10/03).  I am hoping he will
redistribute when he gets a chance.

The LDAP patch makes it really nice on several hundred unix boxes.  It can
be configured to not use /etc/sudoers at all.  Since there is no
/etc/sudoers, there is no longer a need for visudo, so depending on the
installation it is possible for a single executable deployment.
Sudo with the LDAP patch does use the shared config file /etc/ldap.conf.
This file is used to locate the LDAP server and is also used by pam_ldap &
nss_ldap on various unixes.


> Hello,
> In the sudo-users archives, I found some references to work you did on
> integrating an LDAP directory as a replacement for the /etc/sudoers file.
> Is this code in a usable state, and if so, is it publicly available? I
> administer sudo on a large and growing cluster of linux boxes and
> centralized configuration management would be a boon.
> Thanks for your time.
> --
> Kevin Murphy

