[sudo-users] Sudo using LDAP and RedHat/ Fedora directory server 8

Aaron Ceraldi aaron.ceraldi at cybera.net
Fri May 15 11:29:10 EDT 2009


Thanks for the help so far; the command gave out this.
It would seem that it is looking for a + ? or the group sudouser ?

Thanks,
Aaron

[test5 at host-10-255-254-117 ~]$ sudo -i
LDAP Config Summary
===================
uri          ldaps://dir1.cs1.cybera.net
ldap_version 3
sudoers_base cn=SUDOers,dc=cs1,dc=cybera,dc=net
binddn       (anonymous)
bindpw       (anonymous)
ssl          yes
===================
ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/openldap/cacerts/ca.crt")
ldap_initialize(ld,ldaps://dir1.cs1.cybera.net)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
no default options found!
ldap search '(|(sudoUser=test5)(sudoUser=ALL))'
nothing found for '(|(sudoUser=test5)(sudoUser=ALL))'
ldap search 'sudoUser=+*'
nothing found for 'sudoUser=+*'
user_matches=0
host_matches=0
sudo_ldap_check(0)=0x44
test5 is not in the sudoers file.  This incident will be reported.

-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com] 
Sent: Friday, May 15, 2009 9:28 AM
To: Aaron Ceraldi
Cc: sudo-users at sudo.ws
Subject: Re: [sudo-users] Sudo using LDAP and RedHat/ Fedora directory server 8

In message <48FAC036AD7B7642BB2944FB9AE674A304DA349E at EXCHANGE.nashville.cybera.net>
	so spake "Aaron Ceraldi" (aaron.ceraldi):

> I have been struggling for days now trying to get sudo via LDAP to work
> properly, from what I can tell RHDS 8 comes with the sudo schema built
> in and I have created an ACI to names SUDOers and added a user to it. On
> the server authing via LDAP works perfectly and I have added
> "sudoers_base cn=SUDOers,dc=dmark1,dc=domain,dc=net" to the ldap.conf
> file. When I try and sudo I get: "aceraldi is not in the sudoers file.
> This incident will be reported." I am probably just missing something
> but I'm very new to LDAP on Linux.

Try adding:

sudoers_debug 2

to your ldap.conf and see if that helps pin down the problem.

 - todd
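The debug trace in this thread shows sudo searching cn=SUDOers for sudoUser=test5 or sudoUser=ALL, then for +netgroups, and returning user_matches=0 because no sudoRole entry satisfied either filter. As an added example, not part of this thread or of sudo itself, the Python below simulates that user/host match over constructed sudoRole entries to show what an entry under sudoers_base must contain for the search to succeed; the role names, group name and entry contents are assumed.

```python
# Added example (not from this thread): simulate sudo's LDAP user/host match
# over sudoRole entries; all entries, role and group names are constructed.

def parse_ldif(text):
    """Parse a minimal LDIF blob (no base64, no continuation lines)."""
    entries = []
    for block in text.strip().split("\n\n"):  # blank line separates entries
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def user_matches(entry, user, groups=(), netgroups=()):
    """sudoUser may hold a login name, ALL, %group or +netgroup."""
    for val in entry.get("sudoUser", []):
        if val in ("ALL", user):
            return True
        if val.startswith("%") and val[1:] in groups:
            return True
        if val.startswith("+") and val[1:] in netgroups:
            return True
    return False

def host_matches(entry, host):
    """sudoHost is ALL or a hostname (sudo also accepts netgroups and IPs)."""
    return any(v in ("ALL", host) for v in entry.get("sudoHost", []))

def matching_roles(ldif, user, host, groups=(), netgroups=()):
    """Return the cn of every sudoRole that applies to user on host."""
    roles = [e for e in parse_ldif(ldif) if "sudoRole" in e.get("objectClass", [])]
    return [e["cn"][0] for e in roles
            if user_matches(e, user, groups, netgroups) and host_matches(e, host)]

# Constructed entries; the second is what '(|(sudoUser=test5)(sudoUser=ALL))' needs.
CONSTRUCTED_LDIF = """
dn: cn=admins,cn=SUDOers,dc=cs1,dc=cybera,dc=net
objectClass: sudoRole
cn: admins
sudoUser: %wheel
sudoHost: ALL

dn: cn=test5-less,cn=SUDOers,dc=cs1,dc=cybera,dc=net
objectClass: sudoRole
cn: test5-less
sudoUser: test5
sudoHost: host-10-255-254-117
"""
```

With the first entry only, test5 on host-10-255-254-117 matches nothing unless the account is in the wheel group, which is the situation the trace reports.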


