[sudo-users] LDAP hosts netgroup not working on Red Hat Enterprise 4 client

Mike Watz elan_mbx2 at yahoo.com
Sun Apr 29 22:10:16 EDT 2007


So I've had success in setting up sudo to use LDAP on a host of platforms,
including Solaris 8, 9, & 10, HP-UX 11i, and RHEL v.4.

RHEL v. 4, however, does not honor a host netgroup for some reason.  It honors
a user netgroup with no issues, but host netgroups are not working.

I saw a post back in '05 about the same issue (I think) and was wondering if
anyone else had faced and solved this issue?

Debug information:

Sun Java LDAP server v.5.2_patch4

# test_hosts, netgroup, jeppesen.com
dn: cn=test_hosts,ou=netgroup,dc=jeppesen,dc=com
cn: test_hosts
objectClass: top
objectClass: nisnetgroup
nisNetgroupTriple: (deninfrap3,,,)

# test_role, DEN, sudo, jeppesen.com
dn: cn=test_role,ou=DEN,ou=sudo,dc=jeppesen,dc=com
objectClass: top
objectClass: sudorole
cn: test_role
sudoCommand: ALL
sudoHost: +test_hosts
sudoUser: mwatz

LDAP Config Summary
===================
host         denmxp1.jeppesen.com
port         389
ldap_version 3
sudoers_base ou=den,ou=sudo,dc=jeppesen,dc=com
binddn       cn=proxyagent,ou=profile,dc=jeppesen,dc=com
bindpw       ********
ssl          (no)
===================
ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,0x01)
ldap_init(denmxp1.jeppesen.com,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
found:cn=defaults,ou=DEN,ou=sudo,dc=jeppesen,dc=com
ldap sudoOption: 'syslog=auth'
ldap sudoOption: 'mailto="unixadmin at jeppesen.com"'
ldap sudoOption: 'mail_no_host'
ldap sudoOption: 'mail_badpass'
ldap sudoOption: 'mail_no_perms'
ldap sudoOption: 'ignore_local_sudoers'
ldap search
'(|(sudoUser=mwatz)(sudoUser=%admins)(sudoUser=%admins)(sudoUser=ALL))'
found:cn=test_role,ou=DEN,ou=sudo,dc=jeppesen,dc=com
ldap sudoHost '+test_hosts' ... not
ldap search 'sudoUser=+*'
user_matches=-1
host_matches=0
sudo_ldap_check(0)=0x84
mwatz is not allowed to run sudo on deninfrap3.  This incident will be
reported.


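Added example, not part of the original post or of sudo: a strict check of nisNetgroupTriple values against the three-field (host,user,domain) form defined in RFC 2307, run over the value from the LDIF above and two constructed variants. The function names are hypothetical, and real NSS/libc parsers may be more lenient than this check.

```python
import re

# Constructed sample: the first value is the triple as it appears in the post;
# the other two are well-formed variants made up here for comparison.
SAMPLE_TRIPLES = [
    "(deninfrap3,,,)",               # as posted: three commas, four fields
    "(deninfrap3,,)",                # short host name, any user, any domain
    "(deninfrap3.jeppesen.com,-,)",  # FQDN host, no user, any domain
]

def parse_triple(value):
    """Return (host, user, domain) or raise ValueError if malformed."""
    m = re.fullmatch(r"\s*\((.*)\)\s*", value)
    if not m:
        raise ValueError("not parenthesised: %r" % value)
    fields = [f.strip() for f in m.group(1).split(",")]
    if len(fields) != 3:
        raise ValueError("expected 3 fields, got %d: %r" % (len(fields), value))
    return tuple(fields)

def field_matches(field, candidate):
    """Netgroup field semantics: empty matches anything, '-' matches nothing."""
    if field == "":
        return True
    if field == "-":
        return False
    # Exact comparison is an assumption; libc implementations differ on case.
    return field == candidate

def host_in_netgroup(triples, host, domain=None):
    """Return (matched, malformed) for a host name checked against triples."""
    matched, malformed = False, []
    for raw in triples:
        try:
            t_host, _user, t_domain = parse_triple(raw)
        except ValueError as exc:
            malformed.append(str(exc))  # report instead of silently skipping
            continue
        if field_matches(t_host, host) and (
                domain is None or field_matches(t_domain, domain)):
            matched = True
    return matched, malformed

if __name__ == "__main__":
    for raw in SAMPLE_TRIPLES:
        # "deninfrap3" is the host name sudo printed in the debug output.
        print(raw, host_in_netgroup([raw], "deninfrap3"))
```

The FQDN variant does not match the short name, so the check is worth running with both forms of the client's host name.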