[sudo-users] LDAP hosts netgroup not working on Red Hat Enterprise 4 client

Mike Watz elan_mbx2 at yahoo.com
Sun Apr 29 22:10:16 EDT 2007

So I've had success in setting up sudo to use LDAP on a host of platforms,
including Solaris 8, 9, & 10, HP-UX 11i, and RHEL v.4.

RHEL v. 4, however, does not honor a host netgroup for some reason.  It honors
a user netgroup with no issues, but host netgroups are not working.

I saw a post back in '05 about the same issue (I think) and was wondering if
anyone else had faced and solved this issue?

Debug information:

Sun Java LDAP server v.5.2_patch4

# test_hosts, netgroup, jeppesen.com
dn: cn=test_hosts,ou=netgroup,dc=jeppesen,dc=com
cn: test_hosts
objectClass: top
objectClass: nisnetgroup
nisNetgroupTriple: (deninfrap3,,,)

# test_role, DEN, sudo, jeppesen.com
dn: cn=test_role,ou=DEN,ou=sudo,dc=jeppesen,dc=com
objectClass: top
objectClass: sudorole
cn: test_role
sudoCommand: ALL
sudoHost: +test_hosts
sudoUser: mwatz

LDAP Config Summary
host         denmxp1.jeppesen.com
port         389
ldap_version 3
sudoers_base ou=den,ou=sudo,dc=jeppesen,dc=com
binddn       cn=proxyagent,ou=profile,dc=jeppesen,dc=com
bindpw       ********
ssl          (no)
ldap_bind() ok
ldap sudoOption: 'syslog=auth'
ldap sudoOption: 'mailto="unixadmin at jeppesen.com"'
ldap sudoOption: 'mail_no_host'
ldap sudoOption: 'mail_badpass'
ldap sudoOption: 'mail_no_perms'
ldap sudoOption: 'ignore_local_sudoers'
ldap search
ldap sudoHost '+test_hosts' ... not
ldap search 'sudoUser=+*'
mwatz is not allowed to run sudo on deninfrap3.  This incident will be
