[sudo-users] Sudo using LDAP and RedHat/ Fedora directory server 8

Jan-Frode Myklebust mykleb at no.ibm.com
Fri May 15 08:35:17 EDT 2009


On 2009-05-14, Aaron Ceraldi <aaron.ceraldi at cybera.net> wrote:
>
> I have been struggling for days now trying to get sudo via LDAP to work
> properly, from what I can tell RHDS 8 comes with the sudo schema built
> in and I have created an ACI to names SUDOers and added a user to it. On
> the server authing via LDAP works perfectly and I have added
> "sudoers_base cn=SUDOers,dc=dmark1,dc=domain,dc=net" to the ldap.conf
> file. When I try and sudo I get: "aceraldi is not in the sudoers file.
> This incident will be reported." I am probably just missing something
> but I'm very new to LDAP on Linux.
>

I don't quite understand what you mean by adding an "ACI to names SUDOers";
at least it doesn't sound like how we're using sudoers with LDAP.  We have
an ou=SUDOers,dc=example, dc=net  where we put our sudo rules, and they look
like this, for example, giving root access to do everything on all hosts:

	dn: cn=root,ou=SUDOers,dc=example, dc=net
	changetype: add
	objectClass: top
	objectClass: sudoRole
	sudoHost: ALL
	sudoCommand: ALL
	sudoUser: root
	sudoRunAs: ALL
	cn: root



  -jf
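
An offline check of the layout described in the reply above, added here as an example and not part of either poster's message: it lists which sudoRole entries at or below a given sudoers_base name a given user. The group entry, the sample tree and the function names are assumptions made for illustration; only direct sudoUser values and ALL are evaluated, not %group or +netgroup values or sudoHost.

```python
# Added example (not from the original thread). SAMPLE_LDIF is constructed data.
SAMPLE_LDIF = """\
dn: cn=root,ou=SUDOers,dc=example,dc=net
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoCommand: ALL
sudoRunAs: ALL

dn: cn=SUDOers,dc=example,dc=net
objectClass: groupOfUniqueNames
cn: SUDOers
uniqueMember: uid=aceraldi,ou=People,dc=example,dc=net
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (no escaped-comma handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def roles_for_user(entries, sudoers_base, user):
    """Return the cn of each sudoRole at or below sudoers_base naming user or ALL."""
    base = norm_dn(sudoers_base)
    matched = []
    for e in entries:
        dn = norm_dn(e["dn"][0])
        under_base = dn == base or dn.endswith("," + base)
        is_role = "sudorole" in [c.lower() for c in e.get("objectclass", [])]
        if under_base and is_role and any(u in (user, "ALL") for u in e.get("sudouser", [])):
            matched.append(e.get("cn", [dn])[0])
    return matched

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for base in ("ou=SUDOers,dc=example,dc=net", "cn=SUDOers,dc=example,dc=net"):
        for user in ("root", "aceraldi"):
            print(base, user, roles_for_user(entries, base, user))
```

An empty result for a user means no rule in the sample data grants that user anything under that base, which is the situation in which sudo reports that the user is not in the sudoers file.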



