[sudo-users] Sudo + LDAP (Red Hat Directory Server)

Jan-Frode Myklebust janfrode at tanso.net
Mon Dec 1 03:01:53 EST 2008 

On 2008-12-01, Erling Ringen Elvsrud <erlingre at gmail.com> wrote:
> Hello list,
>
> I want to store sudoers in LDAP and have a Red Hat Directory Server.
> I try to import the schema (Iplanet)described in README.LDAP (from the
> sudo 1.6.8p12 SRPM-file):

I wonder if it's maybe just a ldif file formatting issue.. Here's my
99user.ldif-entries for sudo, on RHEL5, with centos-ds-8.0.0-1.4.el5:

---------------------------------------------------
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entries'
  STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ su
 doOption $ description ) X-ORIGIN ( 'SUDO' 'user defined' ) )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who ma
 y  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch S
 YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'SUDO' 'user defined' ) )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) imper
 sonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
 1.26 X-ORIGIN ( 'SUDO' 'user defined' ) )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) 
 to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.1
 15.121.1.26 X-ORIGIN ( 'SUDO' 'user defined' ) )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) f
 ollowed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
 1.26 X-ORIGIN ( 'SUDO' 'user defined' ) )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who ma
 y run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SY
 NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN ( 'SUDO' 'user defined' ) )
---------------------------------------------------

I think the rules are max 80 chars per line, and the following
line needs to start with a blank -- if it's the same line. But try
pasting the above into your 99user.ldif exactly as formatted above, 
and see if that helps.


   -jf

More information about the sudo-users mailing list