[sudo-users] LDAP sudoOptions and netgroups:

Patrick Spinler spinler.patrick at mayo.edu
Sun Jun 8 18:09:13 EDT 2008

Hash: SHA1

Patrick Spinler wrote:
| Todd C. Miller wrote:
| | Can you give sudo 1.7rc1 a try?  It has a number of LDAP improvements
| | and, given a similar setup, works correctly for me.
| |
| | http://www.sudo.ws/sudo/dist/beta/sudo-1.7.0rc1.tar.gz
| |
| |  - todd

No great joy.  Compiling sudo 1.7.0rc1 with these options:

CFLAGS="-g" LDFLAGS="-g" ./configure --with-logging=syslog
- -with-logfac=authpriv --with-pam --with-env-editor --with-editor=/bin/vi
- --with-ignore-dot --with-tty-tickets --with-ldap

(same as I used for 1.6.9, btw)

It appears to not find any sudo commands in LDAP at all.  I'm using the
same ldap.conf file, without change as my 1.6.9 testing.  It doesn't
even appear to find the sudoers_debug statement in /etc/ldap.conf, as it
produces no debugging output.

Just to make sure it's looking in the right place, I ran strings on the
resulting executable, looking for refs to ldap.conf:

ap00375 at blade0514 sudo-1.7.0rc1 $ ./sudo -V
Sudo version 1.7.0

ap00375 at blade0514 sudo-1.7.0rc1 $ strings ./sudo | grep ldap.conf
sudo_ldap_conf_add_ports: port too large
sudo_ldap_conf_add_ports: out of space expanding hostbuf
ldap.conf path: %s

ap00375 at blade0514 sudo-1.7.0rc1 $ ./sudo -l
Sorry, user ap00375 may not run sudo on blade0514.

ap00375 at blade0514 sudo-1.7.0rc1 $ grep sudoers /etc/ldap.conf
sudoers_base ou=SUDOers,dc=unix,dc=mayo,dc=edu
sudoers_debug 2

What am I doing wrong here?  Again, redhat enterprise 4.6.

I'm installing a redhat 5.2 machine to try this on, just for grins.

- -- Pat

Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the sudo-users mailing list