[sudo-users] LDAP sudo on Solaris 10
dafydd at dafydd.com
Tue Apr 2 11:54:28 MDT 2013
I've run into a problem, and my Google searching hasn't yet helped.
I'm trying to put a sudo client on Solaris 10 to hook up to my built and tested LDAP server with an existing ou=SUDOers branch.
The OS is Solaris 10u11 (01/13) for SPARC.
The sudoers package is TCMsudo-ldap-1.8.6p7-spark.pkg, straight from www.sudo.ws.
The LDAP server currently allows anonymous binds. I have uri, sudoers_base, and sudoers_debug values set in
- /usr/local/etc/sudo-ldap.conf, with symlinks from
- /etc/ldap.conf, and
- /etc/sudo-ldap.conf.
(Not using a dc=blah,dc=blah format for my BASEDN is a deliberate decision. To minimize confusion, I don't want my LDAP tree to look anything like the company-wide Authentication tree.)
`sudo -ll` will see the entry in /usr/local/etc/sudoers granting full access to my test user. However, the output I get from `sudo -ll` doesn't match what I've seen before when sudoers_debug has been set to 2. So, I infer that no variation of *ldap.conf is getting read.
If anyone on the package build team is on this list, I would love verification which /location/file sudo is looking at for its ldap configuration. Once I know that I have the correct settings in the correct file, I can move past the easy answers...
 - RHEL6.3 and derived OSes split ldap.conf into pam-ldap.conf and sudo-ldap.conf. As someone in an environment where the Authentication system is company wide (Active Directory *spit*) but the *nix Authorization system is something specific to my group, I support this nod to heterogeneous environments...
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?"
Descartes ponders a moment and replies, "I think not."
And promptly disappears...
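A way to verify the candidate config files before trusting what `sudo -ll` reports, added here as an example; it is not from the original post or from the sudo project. The `ldap_conf_get` and `check_ldap_conf` helpers, the temporary paths and the sample values are all assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check a sudo LDAP config
# file before trusting what `sudo -ll` reports. Paths and the sample content
# below are constructed for the demo; no LDAP server is contacted.

# Print a key's value from a sudo-ldap.conf style file: "key value" per line,
# key matched case-insensitively, '#' comment lines ignored. Prints nothing if unset.
ldap_conf_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    tolower($1) == k { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }
  ' "$1"
}

# Report on one candidate config path. Returns 0 only if the file is readable
# and uri, sudoers_base and sudoers_debug are all set.
check_ldap_conf() {
  f="$1"; rc=0
  if [ -L "$f" ]; then echo "$f: symlink -> $(ls -l "$f" | sed 's/.*-> //')"; fi
  if [ ! -r "$f" ]; then echo "$f: missing or unreadable"; return 1; fi
  for key in uri sudoers_base sudoers_debug; do
    val=$(ldap_conf_get "$f" "$key")
    if [ -n "$val" ]; then echo "$f: $key = $val"
    else echo "$f: $key NOT SET"; rc=1; fi
  done
  # No binddn means an anonymous bind, as in the post; flag it so it stays a conscious choice.
  [ -z "$(ldap_conf_get "$f" binddn)" ] && echo "$f: no binddn (anonymous bind)"
  return $rc
}

# Constructed sample: the three values the post says were set, plus a comment line.
DEMO_DIR=$(mktemp -d)
GOOD_CONF="$DEMO_DIR/sudo-ldap.conf"
cat > "$GOOD_CONF" <<'EOF'
# constructed sample sudo-ldap.conf
uri           ldap://ldap.example.test
sudoers_base  ou=SUDOers,o=example
sudoers_debug 2
EOF
ln -s "$GOOD_CONF" "$DEMO_DIR/ldap.conf"   # mirrors the symlink layout in the post
BAD_CONF="$DEMO_DIR/incomplete.conf"
printf 'uri ldap://ldap.example.test\n' > "$BAD_CONF"

for p in "$GOOD_CONF" "$DEMO_DIR/ldap.conf" "$BAD_CONF"; do
  check_ldap_conf "$p" || echo "$p: incomplete"
done
```

To see which path the binary itself opens on Solaris, `truss -f -t open sudo -ll` lists the open(2) calls as they happen.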