[sudo-users] Novell edirectory ldap Solaris10 and sudo
herve1.le-goff
herve1.le-goff at laposte.net
Tue Mar 25 19:15:27 EDT 2008
Hi,
I would like to store the sudoers file in ldap edirectory.
I can authenticate fine against ldap, but sudo does not work: 07hxl2 is not in the sudoers file. This incident will be reported.
1) sudo is compiled with pam:
# ldd /opt/IROS/bin/sudo
libpam.so.1 => /lib/libpam.so.1
libdl.so.1 => /lib/libdl.so.1
libldap-2.4.so.2 => /opt/IROS/lib/libldap-2.4.so.2
liblber-2.4.so.2 => /opt/IROS/lib/liblber-2.4.so.2
libsocket.so.1 => /lib/libsocket.so.1
libnsl.so.1 => /lib/libnsl.so.1
libc.so.1 => /lib/libc.so.1
libcmd.so.1 => /lib/libcmd.so.1
libresolv.so.2 => /lib/libresolv.so.2
libssl.so.0.9.8 => /opt/IROS/lib/libssl.so.0.9.8
libcrypto.so.0.9.8 => /opt/IROS/lib/libcrypto.so.0.9.8
libgcc_s.so.1 => /opt/IROS/lib/libgcc_s.so.1
libmp.so.2 => /lib/libmp.so.2
libmd5.so.1 => /lib/libmd5.so.1
libscf.so.1 => /lib/libscf.so.1
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libm.so.2 => /lib/libm.so.2
/platform/SUNW,Sun-Blade-100/lib/libc_psr.so.1
/platform/SUNW,Sun-Blade-100/lib/libmd5_psr.so.1
2) solaris10$ ldaplist sudoers
dn: cn=defaults,ou=SUDOers,ou=people,ou=users,o=IRD
dn: cn=root,ou=SUDOers,ou=people,ou=users,o=IRD
dn: cn=herve,ou=SUDOers,ou=people,ou=users,o=IRD
dn: cn=07hxl2,ou=SUDOers,ou=people,ou=users,o=IRD
3) an ldapsearch command gives this:
# 07hxl2, SUDOers, people, users, IRD
dn: cn=07hxl2,ou=SUDOers,ou=people,ou=users,o=IRD
sudoOption: !authenticate
sudoRunAs: ALL
sudoCommand: ALL
sudoHost: ALL
sudoUser: 07hxl2
objectClass: Top
objectClass: sudoRole
cn: 07hxl2
# defaults, SUDOers, people, users, IRD
dn: cn=defaults,ou=SUDOers,ou=people,ou=users,o=IRD
sudoOption: passwd_timeout=0, !lecture, timestamp_timeout=120,ignore_local_sudoers
objectClass: Top
objectClass: sudoRole
description: Default sudoOption's go here
cn: defaults
# herve, SUDOers, people, users, IRD
dn: cn=herve,ou=SUDOers,ou=people,ou=users,o=IRD
sudoRunAs: ALL
sudoCommand: ALL
sudoHost: ALL
sudoUser: herve
objectClass: Top
objectClass: sudoRole
cn: herve
# root, SUDOers, people, users, IRD
dn: cn=root,ou=SUDOers,ou=people,ou=users,o=IRD
sudoRunAs: ALL
sudoCommand: ALL
sudoHost: ALL
sudoUser: root
objectClass: Top
objectClass: sudoRole
cn: root
# search result
search: 2
result: 0 Success
# numResponses: 6
# numEntries: 5
4) # less /var/ldap/ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 10.40.101.237
NS_LDAP_SEARCH_BASEDN= ou=users,o=IRD
NS_LDAP_AUTH= simple
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= shadow:
NS_LDAP_SERVICE_SEARCH_DESC= passwd:
NS_LDAP_SERVICE_SEARCH_DESC= sudoers: ou=sudoers,ou=people,ou=users,o=IRD
It looks like it does not read the LDAP sudoers objects. What am I missing? I'd appreciate any help.
Thanks, Herve.
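One way to confirm the directory data before looking at the client side, added here as an example that is not part of the original post or of sudo itself: parse the ldapsearch LDIF quoted above and report which sudoRole entries would cover a given user and host, using a small subset of the sudoUser/sudoHost matching rules documented in sudoers.ldap(5) (ALL or an exact name only; groups, netgroups and negation are not handled). The LDIF below is a constructed copy of the post's entries, and the long sudoOption value of cn=defaults is written with the RFC 2849 leading-space fold that ldapsearch emits, so the parser also shows that a folded value must be joined before it is interpreted.

```python
# Constructed copy of the sudoRole entries quoted in the post (objectClass Top,
# ldapsearch comments and the sudoRunAs/sudoCommand lines of herve dropped).
LDIF = """\
dn: cn=07hxl2,ou=SUDOers,ou=people,ou=users,o=IRD
sudoOption: !authenticate
sudoRunAs: ALL
sudoCommand: ALL
sudoHost: ALL
sudoUser: 07hxl2
objectClass: sudoRole
cn: 07hxl2

dn: cn=defaults,ou=SUDOers,ou=people,ou=users,o=IRD
sudoOption: passwd_timeout=0, !lecture, timestamp_timeout=120,ignore_local_sud
 oers
objectClass: sudoRole
cn: defaults

dn: cn=herve,ou=SUDOers,ou=people,ou=users,o=IRD
sudoHost: ALL
sudoUser: herve
objectClass: sudoRole
cn: herve
"""

def parse_ldif(text):
    """Return a list of {attr: [values]} dicts, joining folded lines."""
    entries, entry, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:
            entry[last][-1] += line[1:]             # RFC 2849 continuation
        elif ":" in line and not line.startswith("#"):
            attr, val = line.split(":", 1)
            entry.setdefault(attr, []).append(val.strip())
            last = attr
        elif not line and entry:                    # blank line ends an entry
            entries.append(entry)
            entry, last = {}, None
    return entries

def matching_roles(text, user, host):
    """cn of every sudoRole whose sudoUser and sudoHost cover user on host
    (subset of sudoers.ldap(5) matching: ALL or an exact name only)."""
    hit = lambda vals, name: "ALL" in vals or name in vals
    return [e["cn"][0] for e in parse_ldif(text)
            if "sudoRole" in e.get("objectClass", [])
            and hit(e.get("sudoUser", []), user)
            and hit(e.get("sudoHost", []), host)]

def packed_options(text):
    """sudoOption values that pack several comma-separated options into one
    attribute value; sudoers.ldap(5) shows one option per sudoOption value."""
    return [v for e in parse_ldif(text)
            for v in e.get("sudoOption", []) if "," in v]
```

Running `matching_roles(LDIF, "07hxl2", "solaris10")` returns `['07hxl2']`, so the directory side of the post's data does grant that user; `packed_options(LDIF)` flags the single comma-separated cn=defaults value as something to split into separate sudoOption attributes.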