[sudo-users] LDAP & Sudo

Stanley, Jon Jon.Stanley at savvis.net
Mon Jul 2 08:03:31 EDT 2007


In order to successfully build LDAP clients, you'd need the openldap
and openldap-devel RPMs.  In order to use PAM with ldap, you'd need
nss_ldap.

Also, openldap will obviously have to be configured to use your LDAP
server.  Openldap-clients may also be helpful for debugging, however not
really necessary.

-----Original Message-----
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of Andy Loughran
Sent: Monday, July 02, 2007 1:21 AM
To: sudo-users at sudo.ws
Subject: [sudo-users] LDAP & Sudo

Hi guys, I'm new to the list so please don't bite!

I've followed the following howto to setup sudo on RHEL with the LDAP
server @ localhost, and everything works great.

http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20OpenLDAP%20for%20RedHat%20Enterprise%20Linux3.htm

However, I use the same LDAP server to authenticate users on two other
machines - and I need to be able to read their details off LDAP for sudo
- like I do on the machine local to LDAP.

When compiling sudo --with-ldap, and --with-pam it fails on the client
machines,
#gcc -c -I. -I.  -O2 -D_PATH_SUDOERS=\"/etc/sudoers\"
-D_PATH_SUDOERS_TMP=\"/etc/sudoers.tmp\" -DSUDOERS_UID=0 -DSUDOERS_GID=0
-DSUDOERS_MODE=0440  ldap.c
#ldap.c:52:18: error: lber.h: No such file or directory
#ldap.c:54:18: error: ldap.h: No such file or directory
#ldap.c: In function 'sudo_ldap_check_user_netgroup':

I notice that the --with-ldap flag also has the option of setting a
directory.  Does that mean it'll only work where the LDAP server is on
the same machine as the sudoers config?

Regards,

--------
Andy Loughran
www.zrmt.com
m: 07921076319


____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users


