[sudo-users] Ldap Groups

Aaron Spangler aaron777 at gmail.com
Wed Apr 27 12:10:24 EDT 2005

The sudouser has syntax similar to the RFC2307 attributes.  It does
not use the full LDAP Distringuished Name.

Use the short username in the sudoUser attribute:

sudoUser: unixuser1
sudoUser: %unixgroup1
sudoUser: +netgroup1

The unixuser1, unixgroup1, or netgroup1 should be available from the
servers perspective and do not necessarily need to exist in LDAP.  If
they do exist in LDAP, then they should follow RFC2307 syntax.

On 4/25/05, David Blackburn <hxor666 at gmail.com> wrote:
> Hi
> I have Ldap sudo auth working, but I need to setup the sudoUser's into
> groups, I have used the Posix users schema and point sudoUser to the
> below.
> sudoUser points to cn=memberUid,ou=sudoUserGroups,ou=sudoers,dc=blah,dc=net
> Where memberUid is the id of the users I want to use.  If I remove the
> above and  put my user ID in this works.
> Please note I am quite new with ldap and my be missing something quite basic.
> Thanks
> Dave
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list