[sudo-users] Transforming /etc/sudoers to LDAP/AD

Russell Van Tassell russell+sudo-users at loosenut.com
Wed Jan 28 17:37:47 EST 2009

On Wed, Jan 28, 2009 at 12:31:18PM -0500, Manjunatha, Jamuna wrote:
> > you will have to compile your sudo to avoid the default /etc location
> > for sudoers.
> Can you please detail on how to do this on windows AD/LDAP server??
> Thanks so much!!!!

To be clear, here... Vijaya was talking about a NFS solution, *NOT* the
LDAP solution you are asking about... in my opinion, that solution is
NOT for everyone (though probably works just fine in a stable 24/7 type

If you don't understand that particular (NFS) solution as-written, I'd
not recommend trying it, myself (i.e. there are a few pitfalls for the

BTW, the README.LDAP file would appear to be a good reference for
converting your sudoers into LDAP format... perhaps if you're more
specific about your questions, someone here can help you -- otherwise,
I'm afraid to say you might be stuck with the docs.


Barring either NFS or LDAP, above... I've also used cfengine and/or
puppet to push out changes to sudoers files over large numbers of
machines.  The side-effect, here, is that you'll have to effectively
roll-out a new client to each-and-every host you want to support...
it's probably not a small undertaking, especially if you're not already
doing or planning some host/config file synchronization across your
organization.  In case you want more info, here's one comparison of the
two (from puppet's standpoint, at least):


Hope that helps!

Russell M. Van Tassell
russell at loosenut.com

Documentation is like sex: when it is good, it is very, very good; and
when it is bad, it is better than nothing.               -- Dick Brandon
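
The sudoers-to-LDAP conversion mentioned in the message above, as an added example that is not part of the original post or of the sudo distribution: a minimal Python converter that turns simple user specifications and global Defaults into sudoRole LDIF entries. The sample sudoers lines, the base DN and the helper names are assumptions; aliases and scoped Defaults are rejected rather than guessed at.

```python
import re

# Constructed sample sudoers content (not from the original post).
SAMPLE = """\
Defaults    env_reset
%wheel      ALL = (ALL) ALL
alice       web01, web02 = (root) NOPASSWD: /usr/bin/systemctl restart httpd, /usr/bin/less /var/log/httpd/*
"""
BASE_DN = "ou=SUDOers,dc=example,dc=com"  # assumed container DN

# user  host[,host] = [(runas[,runas])] [NOPASSWD:] cmd[,cmd]
SPEC = re.compile(r"^(\S+)\s+(.+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")

def split_list(s):
    return [x.strip() for x in s.split(",") if x.strip()]

def sudoers_to_ldif(text, base_dn=BASE_DN):
    """Convert simple user specs and global Defaults to sudoRole LDIF."""
    defaults, roles, seen = [], [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if re.match(r"Defaults\s", line):
            defaults += split_list(line[8:])
            continue
        m = SPEC.match(line)
        # Aliases and scoped Defaults need expansion by hand; refuse them.
        if not m or re.match(r"Defaults|\w+_Alias$", m.group(1)):
            raise ValueError(f"unsupported sudoers line: {line}")
        user, hosts, runas, cmds = m.groups()
        attrs = [("sudoUser", user)]
        attrs += [("sudoHost", h) for h in split_list(hosts)]
        # sudoRunAsUser is the sudo 1.7+ name; older schemas use sudoRunAs.
        attrs += [("sudoRunAsUser", r) for r in split_list(runas or "")]
        if cmds.startswith("NOPASSWD:"):
            # The NOPASSWD tag becomes an explicit option on the role.
            cmds = cmds[len("NOPASSWD:"):]
            attrs.append(("sudoOption", "!authenticate"))
        attrs += [("sudoCommand", c) for c in split_list(cmds)]
        seen[user] = seen.get(user, 0) + 1  # keep each cn unique
        roles.append((user if seen[user] == 1 else f"{user}_{seen[user]}", attrs))
    if defaults:
        roles.insert(0, ("defaults", [("sudoOption", o) for o in defaults]))
    out = []
    for cn, attrs in roles:
        out += [f"dn: cn={cn},{base_dn}", "objectClass: top",
                "objectClass: sudoRole", f"cn: {cn}"]
        out += [f"{k}: {v}" for k, v in attrs] + [""]
    return "\n".join(out)

if __name__ == "__main__":
    print(sudoers_to_ldif(SAMPLE))
```

Review the generated LDIF against the original file before importing it: lines starting with `#` are skipped, and a rule set that relied on file order needs checking by hand once it lives in the directory.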
