LDAP on HPUX-IPF (was RE: Where do I get the LDAP patches for sudo.)

Aaron Spangler as at insight.rr.com
Wed May 12 08:37:37 EDT 2004


Galen, There is an option called 'ignore_local_sudoers'.   If it is in your
cn=defaults objects, then sudo will not read /etc/sudoers even if there is
not a match in LDAP.  If however the LDAP server is unavailable, then sudo
will attempt to read /etc/sudoers (which you can place a few entries in for
Disaster recovery for example).  Kind of nice how the feature worked out.

 -Aaron

----- Original Message -----
From: "Galen Johnson" <Galen.Johnson at sas.com>
To: "Aaron Spangler" <as at insight.rr.com>
Cc: <sudo-users at sudo.ws>
Sent: Tuesday, May 11, 2004 8:09 PM
Subject: RE: LDAP on HPUX-IPF (was RE: Where do I get the LDAP patches for sudo.)


Hey Aaron,

I'll hopefully know better tomorrow if I'm going to be able to talk to our
AD server ok (like pulling your own teeth).  One thing, though.  I noticed
that on the todo you had indicated you were working on disabling local
sudoers.  Any progress on that front?  It would make my security guys very
happy (I am assuming that it looks at both for now).

=G=


-----Original Message-----
From: sudo-users-bounces at sudo.ws on behalf of Aaron Spangler
Sent: Wed 4/28/2004 3:06 PM
To: Galen Johnson
Cc: sudo-users at sudo.ws
Subject: Re: LDAP on HPUX-IPF (was RE: Where do I get the LDAP patches for sudo.)

Thanks for the build tip.  I gave you credit in 'README.LDAP'.

 -Aaron

Galen Johnson wrote:

> Hey Aaron,
>
> I just did a make on HPUX 11.23 using gcc 3.  I had to do the following
> (using the README.LDAP with minor mods).
>
> I had to configure with the following:
>
> CFLAGS="-D__10_10_compat_code" LDFLAGS="-L/opt/ldapux/lib" ./configure --with-ldap --with-pam
>
> You'll notice that I didn't have to use the includes (since they weren't
> under /opt/ldapux and no one knew where they might be)
>
> I then had to comment out the #define HAVE_LDAP_START_TLS_S in config.h
> along with the other changes recommended in the readme.  (It might be useful
> to have a --with-ldap-tls config option to enable this functionality rather
> than defaulting to enabled).
>
> Until our AD group can add the schema I won't know how successful I've
> been but I was at least able to compile it (which is usually half the
> battle).
>
> I'll keep you posted.  (it'd be nice to get some idea of when 1.6.8 is
> planning to be released so I don't have to grab from CVS)
>
> =G=
>
> -----Original Message-----
> From: Aaron Spangler [mailto:aaron at spangler.ods.org]
> Sent: Saturday, April 24, 2004 7:35 PM
> To: Galen Johnson
> Cc: as at insight.rr.com; Aaron Spangler; Leadbeter Jim; sudo-users at sudo.ws
> Subject: Re: Where do I get the LDAP patches for sudo.
>
> Any generic ldap client libraries should be fine communicating with LDAP.
> If you wanted to either do ldap_start_tls or LDAP over SSL(aka TLS) then
> you would want to use different client libraries.  Also some modifications
> would be needed to be done to Active Directory. (Such as installing a
> certificate.)
>
>  - Aaron
>
> >
> > It might also be worthwhile to note that the primary ldap server will be
> > MS Active Directory but hopefully the calls should work ok.
> >
> > =G=
> >
> >
> > -----Original Message-----
> > From: Aaron Spangler [mailto:as at insight.rr.com]
> > Sent: Fri 4/23/2004 3:14 PM
> > To: Galen Johnson; Aaron Spangler; Leadbeter, Jim
> > Cc: sudo-users at sudo.ws
> > Subject: Re: Where do I get the LDAP patches for sudo.
> >
> > I've never done Itanium before.  (I've been an HP-UX junky since 6.5 &
> > HP-UX 8.  I haven't used it much since 11.11 came out though).
> >
> > If I remember right, ldapux installs itself in /opt (but I could be
> > wrong).
> > That said, it should work if you include /opt/ldapux/include &
> > /opt/ldapux/lib. (The paths might be different, I am just guessing at
> > this point.)
> >
> > Please let me know if you run into any problems.
> > I would be glad to help in any way I can.
> >
> >
> >  -Aaron
> >
> >
> > On Saturday 24 April 2004 01:52 am, Galen Johnson wrote:
> >
> > Do you know if this will compile on HPUX/IPF (Itanium) with the ldapux
> > component of HP?  I'll find out Monday, but I was just hoping you might
> > know of any gotchas.
> >
> >
> >
> >

____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
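
The 'ignore_local_sudoers' behaviour described in the top message, as an added example that is not part of the original thread or of sudo's own code: a small audit that checks an LDIF export for the option on the cn=defaults entry and lists the local rules that would only apply when LDAP is unreachable. The base DN, role names and sample file contents are constructed assumptions.

```python
import re
# Constructed sample LDIF export; the base DN and entries are assumptions.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: defaults
sudoOption: ignore_local_
 sudoers

dn: cn=dradmin,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: dradmin
sudoUser: dradmin
sudoHost: ALL
sudoCommand: /sbin/shutdown
"""

# Constructed sample /etc/sudoers holding only disaster-recovery entries.
SAMPLE_SUDOERS = """\
# used only when the LDAP server cannot be reached
Defaults env_reset
root    ALL=(ALL) ALL
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute: [values]}."""
    text = re.sub(r"\n ", "", text)  # unfold RFC 2849 continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def local_sudoers_ignored(ldif_text):
    """True if cn=defaults carries sudoOption ignore_local_sudoers."""
    for entry in parse_ldif(ldif_text):
        if "defaults" in (cn.lower() for cn in entry.get("cn", [])):
            return "ignore_local_sudoers" in entry.get("sudooption", [])
    return False

def fallback_rules(sudoers_text):
    """User specs left in local sudoers (simplified: skips comments, Defaults)."""
    lines = (l.strip() for l in sudoers_text.splitlines())
    return [l for l in lines if l and not l.startswith(("#", "Defaults"))]
```

When `local_sudoers_ignored` is true, whatever `fallback_rules` returns is the set of privileges that exists only during an LDAP outage, so that list is worth keeping short and reviewed.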