[sudo-users] Allowing all users via LDAP?

Aaron Spangler as at insight.rr.com
Thu Jul 8 22:26:00 EDT 2004


Weird.  All the attributes should be case insensitive.  The code ignores 
case when doing comparison, however for the sudoUser attribute, the 
comparison is actually performed by the LDAP server.  If you used the 
LDAP Schema definition included in the documentation, it should be a 
case-insensitive comparison.  Try setting 'sudoers_debug' to 2 in 
/etc/ldap.conf and watching the results come back from the LDAP server.  
Try different variations of case and see it it make a difference in the 
search results as they come back.  Send me both results and maybe I can 
help. 

Also if you don't mind me asking, which LDAP server are you using?  
Maybe I need to rewrite the LDAP sudoUser schema definition to be 
something slightly different so that strings are compared 
case-insensative for ALL LDAP server software.

 -Aaron


Jacob Pszonowsky wrote:

> Thanks Aaron - I think the problem was that I was using "All" - when I 
> tried "ALL" it works.
>
> Should capitalization matter here?
>
> Thanks,
> Jake
>
> Jacob Pszonowsky
>
> jdp16 at mac.com
> (c) 415.225.2647
> (f) 415.358.5918
>
> On Jul 7, 2004, at 6:14 PM, Aaron Spangler wrote:
>
>> Yes.
>>
>> -Aaron
>>
>> Jacob Pszonowsky wrote:
>>
>>> Is the All keyword allowed in the sudoUser attribute for All users 
>>> in a system?
>>>
>>> -Jake
>>>
>>> Jacob Pszonowsky
>>>
>>> jdp16 at mac.com
>>> (c) 415.225.2647
>>> (f) 415.358.5918
>>>
>>>
>>>
>>> Jacob Pszonowsky
>>>
>>> jdp16 at mac.com
>>> (c) 415.225.2647
>>> (f) 415.358.5918
>>>
>>> ____________________________________________________________ 
>>> sudo-users mailing list <sudo-users at gratisoft.us>
>>> For list information, options, or to unsubscribe, visit:
>>> http://www.gratisoft.us/mailman/listinfo/sudo-users
>>
>>
>>
>
>
>
> Jacob Pszonowsky
>
> jdp16 at mac.com
> (c) 415.225.2647
> (f) 415.358.5918
>  
>
> ____________________________________________________________ 
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users





More information about the sudo-users mailing list