[sudo-users] LDAP sudo on Solaris 10

David Barr dafydd at dafydd.com
Tue Apr 2 11:54:28 MDT 2013 

Good Morning,

I've run into a problem, and my Google searching hasn't yet helped.

I'm trying to put a sudo client on Solaris 10 to hook up to my built and tested LDAP server with an existing ou=SUDOers branch.

The OS is Solaris 10u11 (01/13) for SPARC.
The sudoers package is TCMsudo-ldap-1.8.6p7-spark.pkg, straight from www.sudo.ws.

The LDAP server currently allows anonymous binds. I have uri, sudoers_base, and sudoers_debug values set in

- /usr/local/etc/sudo-ldap.conf, with symlinks from
- /usr/local/etc/ldap.conf,
- /etc/ldap.conf, and
- /etc/sudo-ldap.conf. [1]

Entries:
uri ldap://<host>:<port>
sudoers_base ou=SUDOers,o=group.example.com
sudoers_debug 2

(Not using a dc=blah,dc=blah format for my BASEDN is a deliberate decision. To minimize confusion, I don't want my LDAP tree to look anything like the company-wide Authentication tree.)

`sudo -ll` will see the entry in /usr/local/etc/sudoers granting full access to my test user. However, the output I get from `sudo -ll` doesn't match what I've seen before when sudoers_debug has been set to 2. So, I infer that no variation of *ldap.conf is getting read.

If anyone on the package build team is on this list, I would love verification which /location/file sudo is looking at for its ldap configuration. Once I know that I have the correct settings in the correct file, I can move past the easy answers...

Thanks!
David

[1] - RHEL6.3 and derived OSes split ldap.conf into pam-ldap.conf and sudo-ldap.conf. As someone in an environment where the Authentication system is company wide (Active Directory *spit*) but the *nix Authorization system is something specific to my group, I support this nod to heterogeneous environments...

--

David - Offbeat		http://dafydd.livejournal.com
dafydd - Online		http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
	Integrity*Commitment*Communication*Support

----5----1----5----2----5----3----5----4----5----5----5----6----5----7--

Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?"

Descartes ponders a moment and replies, "I think not."

And promptly disappears...

More information about the sudo-users mailing list