[sudo-users] store sudo config in LDAP with NDS 6.1 on HPUX 11i

Mark Benschop mark at mbfk.net
Thu Jun 2 11:58:07 EDT 2005

Hi All,

I'm running a HPUX 11i server with Netscape Directory Server 6.1 and
the following HPUX client software :
4269AA   B.03.10  LDAP-UX Integration
This contains all the PAM and NSS modules and ldapclient to connect to an

I've compiled sudo 1.6.8p8 with pam and ldap support.
(I've attached the compilation options below in the email.)

It's all running fine, i can run sudo as a user that's stored in LDAP and

What I want to do next is store sudo's configuration in LDAP.

I'm using NetscapeDirectoryServer 6.1 also supplied by HP by the way.
I successfully loaded the 'Iplanet'sudo-schema that comes with the sudo

Now in the README.LDAP it says that I have to add :
sudoers_base   ou=SUDOers,dc=example,dc=com
to the /etc/ldap.conf file.

The thing is there's no /etc/ldap.conf file on my system.
Apparently the LDAPUX software doesn't use one.

Does anyone know where the sudoers_base line must be put on my HPUX 11i
system ?

Thanks for your answer,

Compilation :

./configure --with-pam \

in order for it to compile properly I had to adapt the Makefile as follows :
SUDO_LIBS =  -lsec -lpam -ldap  $(LIBS) $(NET_LIBS)
changed to
SUDO_LIBS =  -lsec -lpam -lldapssl30  $(LIBS) $(NET_LIBS)
This since the 'LDAPUX software' that comes with HPUX 11i and contains the
neccesary PAM and NSS modules and some lib's and binaries has no library
named 'libldap' but it's named libldapssl30.

After I linked the following
ln -s /opt/ldapux/lib/libssl30.sl /usr/lib/libssl30.sl

I could compile as follows :
gmake LDFLAGS="-L/opt/ldapux/lib"

and did a gmake install.

this resulted in a properly working sudo, where I can run sudo as a user
that exists in LDAP using /etc/sudoers.

More information about the sudo-users mailing list