[sudo-users] sudo support for more than one ldap-base
Chris Jepeway
jepeway at blasted-heath.com
Wed Jan 27 20:31:44 EST 2010
> Hello Chris,
Hey, Chris :)
> I have tested the latest ldap based sudo in a very complex
> environment.
Oh, my. My involvement with sudo predates its LDAP support
(it stopped about 15 years ago, actually), so there's not
much I can help you with, there.
I've cc'ed the appropriate list for these sorts of questions,
so perhaps someone on it (Todd?) could give you a notion about
implementing the feature you describe:
> Because of several technical restrictions it is necessary to have
> more then one searchbase
>
> Usually for other entries (e.g. pam, users, groups and other
> databases in ldap) I have for each at least one entry.
> Unfortunately for sudo this does not work.
> For example: If I have two entries in /etc/ldap.conf:
> sudoers_base ou=sudoers,dc=back,dc=storage
> sudoers_base ou=sudoers,dc=global
> Only one entry works.
>
> Do you think that this feature can also be supported by sudo in the
> future?
> When do you think this feature could be available?
As I wrote, I'm not involved with sudo's implementation
any longer, but the primary developer/maintainer/author
is Todd Miller, and I'm sure he'll chime in.
> regards
> Chris ;-)
Chris.
More information about the sudo-users
mailing list