[sudo-users] "Run As" doesn't work with LDAP?

Todd C. Miller Todd.Miller at courtesan.com
Thu Aug 30 09:24:31 EDT 2007

In message <430150.81508.qm at web52005.mail.re2.yahoo.com>
	so spake Mike Watz (elan_mbx2):

> I've heard rumors of this.... does anyone know for certain what the
> scoop is on the "Run As" functionality with regards to LDAP
> integration?

It works, though the sudoers2ldif script did not convert
RunAs entries until sudo 1.6.9.

For instance, I have the following in LDAP:

# %wheel, SUDOers, courtesan.com
dn: cn=%wheel,ou=SUDOers,dc=courtesan,dc=com
objectClass: top
objectClass: sudoRole
cn: %wheel
sudoUser: %wheel
sudoRunAs: ALL
sudoHost: ALL
sudoCommand: ALL
sudoOption: !authenticate

Note the sudoRunAs entry.

 - todd

More information about the sudo-users mailing list