[sudo-users] LDAP sudoOptions and netgroups:

Patrick Spinler spinler.patrick at mayo.edu
Sun Jun 8 18:09:13 EDT 2008


Patrick Spinler wrote:
| Todd C. Miller wrote:
| | Can you give sudo 1.7rc1 a try?  It has a number of LDAP improvements
| | and, given a similar setup, works correctly for me.
| |
| | http://www.sudo.ws/sudo/dist/beta/sudo-1.7.0rc1.tar.gz
| |
| |  - todd
|

No great joy.  Compiling sudo 1.7.0rc1 with these options:

CFLAGS="-g" LDFLAGS="-g" ./configure --with-logging=syslog
-with-logfac=authpriv --with-pam --with-env-editor --with-editor=/bin/vi
--with-ignore-dot --with-tty-tickets --with-ldap

(same as I used for 1.6.9, btw)

It appears to not find any sudo commands in LDAP at all.  I'm using the
same ldap.conf file, without change as my 1.6.9 testing.  It doesn't
even appear to find the sudoers_debug statement in /etc/ldap.conf, as it
produces no debugging output.

Just to make sure it's looking in the right place, I ran strings on the
resulting executable, looking for refs to ldap.conf:

ap00375@blade0514 sudo-1.7.0rc1 $ ./sudo -V
Sudo version 1.7.0

ap00375@blade0514 sudo-1.7.0rc1 $ strings ./sudo | grep ldap.conf
sudo_ldap_conf_add_ports: port too large
sudo_ldap_conf_add_ports: out of space expanding hostbuf
/etc/ldap.conf
/etc/ldap.conf
ldap.conf path: %s

ap00375@blade0514 sudo-1.7.0rc1 $ ./sudo -l
Password:
Sorry, user ap00375 may not run sudo on blade0514.

ap00375@blade0514 sudo-1.7.0rc1 $ grep sudoers /etc/ldap.conf
sudoers_base ou=SUDOers,dc=unix,dc=mayo,dc=edu
sudoers_debug 2

What am I doing wrong here?  Again, redhat enterprise 4.6.

I'm installing a redhat 5.2 machine to try this on, just for grins.

-- Pat
