[sudo-users] Re: Can't get sudo working with ldap

Matt Juszczak matt at atopia.net
Wed Apr 6 14:28:34 EDT 2005


Yep, worked fine!

On Wed, 6 Apr 2005, Aaron Spangler wrote:

> Yes,
>  Sounds like a bug.  My fault.  I wrote the script.
>
> Any volunteers who would be willing to submit a patch to sudoers2ldif?
>
> Matt - Did it work for you when you changed your SudoCommand attribute to ALL ?
> Let us know if you still have problems.
>
> -Aaron
>
>
>
> On Wed, 6 Apr 2005 05:41:57 -0400 (EDT), Matt Juszczak <matt at atopia.net> wrote:
>> Yep, I think so :)
>>
>> On Wed, 6 Apr 2005, Justin Albstmeijer wrote:
>>
>>> "SudoCommand: (ALL) ALL" should be "sudoCommand: ALL"
>>>
>>> A bug in sudoers2ldif?
>>>
>>>> Howdy all,
>>>>
>>>> I followed the instructions in the LDAP.readme and everything seemed to
>>> be going smooth until I actually tried executing sudo.  I get the
>>> following below.  Everything on the ldap server shows communication
>>> between the two servers.  Any ideas?
>>>>
>>>> Thanks!
>>>>
>>>> -Matt
>>>>
>>>> ---snip---
>>>>
>>>> orion$ sudo bash
>>>> LDAP Config Summary
>>>> ===================
>>>> host         *****************
>>>> port         389
>>>> ldap_version 3
>>>> sudoers_base ou=SUDOers,dc=********,dc=net
>>>> binddn       cn=pamclient,ou=SystemAccounts,dc=********,dc=net
>>>> bindpw       *****************
>>>> ssl          on
>>>> ===================
>>>> ldap_init(************,389)
>>>> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
>>>> ldap_bind() ok
>>>> found:cn=defaults,ou=SUDOers,dc=********,dc=net
>>>> ldap search
>>>>
>> '(|(sudoUser=mjuszczak)(sudoUser=%users)(sudoUser=%users)(sudoUser=%users)(sudoUser=%admin)(sudoUser=ALL))'
>>> found:cn=mjuszczak,ou=SUDOers,dc=*********,dc=net
>>>> ldap sudoHost 'orion' ... MATCH!
>>>> ldap sudoCommand '(ALL) ALL' ... not
>>>> ldap search 'sudoUser=+*'
>>>> user_matches=-1
>>>> host_matches=-1
>>>> sudo_ldap_check(0)=0x04
>>>> Password:
>>>> mjuszczak is not in the sudoers file.  This incident will be reported.
>>> orion$
>>>> ____________________________________________________________
>>>> sudo-users mailing list <sudo-users at sudo.ws>
>>>> For list information, options, or to unsubscribe, visit:
>>>> http://www.sudo.ws/mailman/listinfo/sudo-users
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>> ____________________________________________________________
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
>> http://www.sudo.ws/mailman/listinfo/sudo-users
>>
>
>
> !DSPAM:4254110c106401788212070!
>



More information about the sudo-users mailing list