[sudo-users] sudo + ldap - nisNetgroupTriple
Patrick Spinler
spinler.patrick at mayo.edu
Tue May 25 17:45:46 EDT 2010
Jr Aquino wrote:
> I am writing the mailing list in hopes that someone has information
> regarding the use of sudo for 'hostgroups' without having to use the
> nisNetgroupTriple attributes.
>
> I would like to be able to utilize sudo with ldap entries that sanely
> list the hostnames under a 'host:' attribute ideally.
>
> I've spoken to several of the nss_ldap developers and they have
> strongly cautioned me against leveraging nisNetgroup's for storing my
> hosts because of various rfc schema enforcements present in various
> ldap server implementations. (Not being able to modify/add/remove a
> nisNetgroupTriple without fully removing and readding all
> nisNetgroupTriple's from an object being one of the major
> disadvantages...)
For what it's worth, I got no clue what they're talking about, unless
it's some weird ldap server specific thing.
I've used nisNetGroup style hostgroups & sudo successfully with both
openldap and sun dsee ldap server without issue, including liberally
adding, modifying and removing nisnetgrouptriples containing host (and
user) attributes.
-- Pat