[sudo-users] Ldap Groups

Aaron Spangler aaron777 at gmail.com
Wed Apr 27 12:10:24 EDT 2005


The sudouser has syntax similar to the RFC2307 attributes.  It does
not use the full LDAP Distinguished Name.

Use the short username in the sudoUser attribute:

sudoUser: unixuser1
-or-
sudoUser: %unixgroup1
-or-
sudoUser: +netgroup1

The unixuser1, unixgroup1, or netgroup1 should be available from the
server's perspective and do not necessarily need to exist in LDAP.  If
they do exist in LDAP, then they should follow RFC2307 syntax.


On 4/25/05, David Blackburn <hxor666 at gmail.com> wrote:
> Hi
> 
> I have Ldap sudo auth working, but I need to set up the sudoUsers into
> groups. I have used the Posix users schema and point sudoUser to the
> below.
> 
> sudoUser points to cn=memberUid,ou=sudoUserGroups,ou=sudoers,dc=blah,dc=net
> 
> Where memberUid is the id of the users I want to use.  If I remove the
> above and put my user ID in, this works.
> 
> Please note I am quite new with ldap and may be missing something quite basic.
> 
> Thanks
> Dave
> 
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
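
One way to check directory entries against the syntax described in the reply, as an added example that is not part of the original thread or of sudo itself: it reads sudoRole entries from LDIF and flags sudoUser values written as full DNs. The sample LDIF, the dc=example,dc=net suffix and the function names are constructed for illustration, and only the three value forms named in the reply are recognised.

```python
import re

# Constructed sample LDIF for illustration (not taken from a real directory).
SAMPLE_LDIF = """\
dn: cn=admins,ou=sudoers,dc=example,dc=net
objectClass: sudoRole
sudoUser: unixuser1
sudoUser: %unixgroup1
sudoUser: +netgroup1

dn: cn=broken,ou=sudoers,dc=example,dc=net
objectClass: sudoRole
sudoUser: cn=memberUid,ou=sudoUserGroups,ou=sudoers,dc=example,dc=net
"""

# attr=value pairs separated by commas, i.e. something shaped like a DN.
DN_LIKE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)+$")

def classify(value):
    """Classify one sudoUser value using the three forms from the reply."""
    v = value.strip()
    if DN_LIKE.match(v):
        return "dn"        # full DN, not the short-name form the reply asks for
    if v.startswith("%") and len(v) > 1:
        return "group"     # %unixgroup1
    if v.startswith("+") and len(v) > 1:
        return "netgroup"  # +netgroup1
    if v and not re.search(r"[=,\s]", v):
        return "user"      # unixuser1
    return "invalid"

def lint(ldif_text):
    """Return (entry_dn, sudoUser_value, kind) for every sudoUser attribute."""
    findings = []
    unfolded = ldif_text.replace("\n ", "")  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn = None
        for line in block.splitlines():
            attr, _, val = line.partition(":")
            if attr.lower() == "dn":
                dn = val.strip()
            elif attr.lower() == "sudouser":
                findings.append((dn, val.strip(), classify(val)))
    return findings

if __name__ == "__main__":
    for dn, value, kind in lint(SAMPLE_LDIF):
        flag = "  <-- use a short name, %group or +netgroup" if kind == "dn" else ""
        print(f"{kind:9} {value}{flag}")
```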



