[sudo-users] sudo support for more than one ldap-base

Chris Jepeway jepeway at blasted-heath.com
Wed Jan 27 20:31:44 EST 2010

> Hello Chris,
Hey, Chris :)

> I have tested the latest ldap based sudo in a very complex  
> environment.
Oh, my.  My involvement with sudo predates its LDAP support
(it stopped about 15 years ago, actually), so there's not
much I can help you with, there.

I've cc'ed the appropriate list for these sorts of questions,
so perhaps someone on it (Todd?) could give you a notion about
implementing the feature you describe:

> Because of several technical restrictions it is necessary to have
> more than one searchbase
> Usually for other entries (e.g. pam, users, groups and other  
> databases in ldap) I have for each at least one entry.
> Unfortunately for sudo this does not work.
> For example: If I have two entries in /etc/ldap.conf:
>   sudoers_base  ou=sudoers,dc=back,dc=storage
>   sudoers_base  ou=sudoers,dc=global
> Only one entry works.
> Do you think that this feature can also be supported by sudo in the  
> future?
> When do you think this feature could be available?
As I wrote, I'm not involved with sudo's implementation
any longer, but the primary developer/maintainer/author
is Todd Miller, and I'm sure he'll chime in.

> regards
> Chris ;-)
