[sudo-users] sudoHost not expanding netgroups?

Wes Rogers wrogers at gmail.com
Mon Oct 23 10:32:20 EDT 2006


Trying to use LDAP and netgroups with sudo, it seems it expands the
netgroup for users, but not for hosts.

ldap_init(10.0.0.1 10.0.0.2,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
found:cn=defaults,ou=sudo,ou=Applications,ou=blah,dc=blah,dc=com
ldap sudoOption: 'ignore_local_sudoers'
ldap sudoOption: 'logfile=/var/log/sudolog'
ldap sudoOption: 'insults'
ldap search '(|(sudoUser=beavis)(sudoUser=%blah)(sudoUser=%blah)(sudoUser=ALL))'
ldap search 'sudoUser=+*'
found:cn=testopsrole,ou=sudo,ou=Applications,ou=blah,dc=blah,dc=com
ldap sudoUser netgroup '+testops' ... MATCH!
ldap sudoHost '+testhosts' ... not
user_matches=-1
host_matches=0
sudo_ldap_check(0)=0x84
Password:
beavis is not allowed to run sudo on host.  This incident will be reported.

dn: cn=testopsrole,ou=sudo,ou=Applications,ou=blah,dc=blah,dc=com
cn: testopsrole
description: Testing nis netgroups and sudo
objectClass: top
objectClass: sudoRole
sudoCommand: ALL
sudoUser: +testops
sudoHost: +testhosts

Any thoughts?

Wes


