sudo groups in PAM LDAP

Todd C. Miller Todd.Miller at
Thu Feb 26 13:50:24 EST 2004

In message <1077812541.8300.6.camel at>
	so spake Ezsra McDonald (Ezsra_McDonald):

> I grabbed 1.6.8 from the CVS last week and compiled it. I read the
> README.LDAP file. I really did not want to store my sudoers file in
> LDAP. I just want to have sudo use the unix groups I have stored in
> LDAP. 

This sounds like an OS config problem.  Sudo doesn't do anything
special to get at group info--it just uses the standard getgrnam()
function.  My guess is that your /etc/nsswitch.conf is incorrect,
but I don't actually use LDAP so I can't say for sure.

If you have something like:
    group:          files ldap

you might try reversing that order so that ldap is first.

 - todd

More information about the sudo-users mailing list