[sudo-users] LDAP Multiple sudoers_base lines do not work
Louis.Provost at sensus.com
Mon Jan 13 14:23:00 MST 2014
I am having issues getting sudo working with ldap only in the regard that I really need to have two search bases for sudo but it doesn’t seem to read both.
I am on an older version of sudo and am stuck with it for various reasons, but the main crux is that I CANNOT upgrade the server, and this version of sudo is what is supported in this old version of Red Hat (5.10).
[root at www ~]# rpm -qa |grep sudo
My search lines look like this:
I have tried joining the lines with a space delimiter, as well as leaving the lines separate. No matter what I do, I only get results from one base. The base in the secondary position, or the one that is read last linearly, is the one that is read from. I know that all the LDAP entries work and sudo works just fine on the LDAP side when the right base is queried; I just cannot get it to look in one, fail, and look in the other base.
Here are some results:
uri ldap://ldap1.falchnet.net ldap://ldap2.falchnet.net
binddn cn=LDAP Binder,ou=Special Accounts,dc=falchnet,dc=net
bindpw <password hashed here>
If I reverse the order, then the other base shows. Of course, I have users to test in both sudo buckets, but the one in the second bucket listed is the only one to work.
I have been searching forever and all I can find are references to multiple bases working in a man page, but no version information, no examples, no anything.
Any help would be absolutely greatly appreciated from this list.
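The following is an added illustration, not code from the original post or from sudo itself: it models the documented ldap.conf behaviour (one sudoers_base per line, each adding a search base; keyword and value separated by whitespace) and contrasts it with the space-joined variant the post mentions. The config fragments, the base DNs and the directory contents are constructed for the example.

```python
import re

# Constructed /etc/ldap.conf fragments (not the poster's real configuration).
SEPARATE_LINES = """\
uri ldap://ldap1.example.net ldap://ldap2.example.net
sudoers_base ou=SUDOers,ou=Site1,dc=example,dc=net
sudoers_base ou=SUDOers,ou=Site2,dc=example,dc=net
"""

SPACE_JOINED = """\
uri ldap://ldap1.example.net ldap://ldap2.example.net
sudoers_base ou=SUDOers,ou=Site1,dc=example,dc=net ou=SUDOers,ou=Site2,dc=example,dc=net
"""

def sudoers_bases(conf_text):
    """Collect every sudoers_base value in file order.
    Assumption: keyword and value are separated by whitespace and the rest of
    the line is the value, so a space-joined pair of DNs becomes ONE value."""
    bases = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "sudoers_base":
            bases.append(parts[1].strip())
    return bases

def looks_like_dn(value):
    """Rough sanity check: every comma-separated RDN is a single attr=value.
    A value holding two DNs glued with a space fails (extra '=' in one RDN)."""
    return all(re.fullmatch(r"[A-Za-z][\w-]*=[^,=]+", rdn.strip())
               for rdn in value.split(","))

# Constructed directory: which users hold a sudoRole under which base.
DIRECTORY = {
    "ou=SUDOers,ou=Site1,dc=example,dc=net": {"alice"},
    "ou=SUDOers,ou=Site2,dc=example,dc=net": {"bob"},
}

def find_sudo_role(user, bases, directory=DIRECTORY):
    """Try each base in order; return the first base holding a role for the
    user, or None. This is the 'look in one, fail, look in the other'
    behaviour the post asks for, driven by the parsed base list."""
    for base in bases:
        if user in directory.get(base, set()):
            return base
    return None
```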