[sudo-users] Re: Can't get sudo working with ldap

Aaron Spangler aaron777 at gmail.com
Wed Apr 6 12:40:33 EDT 2005


Yes,
  Sounds like a bug.  My fault.  I wrote the script.

 Any volunteers who would be willing to submit a patch to sudoers2ldif?

Matt - Did it work for you when you changed your SudoCommand attribute to ALL?
Let us know if you still have problems.

 -Aaron



On Wed, 6 Apr 2005 05:41:57 -0400 (EDT), Matt Juszczak <matt at atopia.net> wrote:
> Yep, I think so :)
> 
> On Wed, 6 Apr 2005, Justin Albstmeijer wrote:
> 
> > "SudoCommand: (ALL) ALL" should be "sudoCommand: ALL"
> >
> > A bug in sudoers2ldif?
> >
> >> Howdy all,
> >>
> >> I followed the instructions in the LDAP.readme and everything seemed to
> >> be going smoothly until I actually tried executing sudo.  I get the
> >> following below.  Everything on the ldap server shows communication
> >> between the two servers.  Any ideas?
> >>
> >> Thanks!
> >>
> >> -Matt
> >>
> >> ---snip---
> >>
> >> orion$ sudo bash
> >> LDAP Config Summary
> >> ===================
> >> host         *****************
> >> port         389
> >> ldap_version 3
> >> sudoers_base ou=SUDOers,dc=********,dc=net
> >> binddn       cn=pamclient,ou=SystemAccounts,dc=********,dc=net
> >> bindpw       *****************
> >> ssl          on
> >> ===================
> >> ldap_init(************,389)
> >> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
> >> ldap_bind() ok
> >> found:cn=defaults,ou=SUDOers,dc=********,dc=net
> >> ldap search '(|(sudoUser=mjuszczak)(sudoUser=%users)(sudoUser=%users)(sudoUser=%users)(sudoUser=%admin)(sudoUser=ALL))'
> >> found:cn=mjuszczak,ou=SUDOers,dc=*********,dc=net
> >> ldap sudoHost 'orion' ... MATCH!
> >> ldap sudoCommand '(ALL) ALL' ... not
> >> ldap search 'sudoUser=+*'
> >> user_matches=-1
> >> host_matches=-1
> >> sudo_ldap_check(0)=0x04
> >> Password:
> >> mjuszczak is not in the sudoers file.  This incident will be reported.
> >> orion$
>
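
The mismatch discussed in this thread (a `sudoCommand` value that still carries the sudoers runas list, as in `(ALL) ALL`, so the command never matches) can be checked for in an LDIF export before it is loaded. The following is an added example, not part of the original messages and not code from sudoers2ldif; the sample entries, the `dc=example,dc=net` suffix and the function name `lint_sudo_commands` are constructed for illustration.

```python
import re

# Constructed sample LDIF; the first entry has the value shape from the thread.
SAMPLE_LDIF = """\
dn: cn=mjuszczak,ou=SUDOers,dc=example,dc=net
objectClass: sudoRole
sudoUser: mjuszczak
sudoHost: orion
SudoCommand: (ALL) ALL

dn: cn=%admin,ou=SUDOers,dc=example,dc=net
objectClass: sudoRole
sudoUser: %admin
sudoHost: ALL
sudoCommand: (root)
  /usr/bin/id
sudoCommand: /usr/bin/less /var/log/messages
"""

# A leading "(...)" is a sudoers runas list, not part of the command.
RUNAS_PREFIX = re.compile(r"^\(\s*([^)]*?)\s*\)\s*(.*)$")


def lint_sudo_commands(ldif_text):
    """Return (dn, runas, command) for each sudoCommand value with a runas prefix."""
    findings = []
    # Undo LDIF line folding: a newline followed by one space continues a value.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for entry in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        dn = None
        for line in entry.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            value = value.strip()  # base64 ("attr:: ...") values are not decoded
            # LDAP attribute names are case-insensitive, so compare lowercased.
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "sudocommand" and (m := RUNAS_PREFIX.match(value)):
                findings.append((dn, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for dn, runas, command in lint_sudo_commands(SAMPLE_LDIF):
        print(f"{dn}: sudoCommand carries runas list ({runas}); bare command is '{command}'")
```

Because attribute names compare case-insensitively, the `SudoCommand` spelling in the first entry is still checked; it is the `(ALL)` prefix in the value that gets reported.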


