[sudo-users] nss_base_group not working
Sudoer
sudo at toltec.com
Sat May 3 19:50:16 MDT 2014
Hello,
I have a problem where sudo 1.7 using ldap.conf works, but sudo 1.8
using the same setup doesn't. The ldap search strings aren't the same,
but I haven't been able to find the correct directive to fix it.
Does anyone know the correct setup?
Thanks.
/etc/ldap.conf
nss_base_passwd ou=people,dc=company,dc=net?sub?objectclass=posixAccount
nss_base_group ou=neteng,dc=company,dc=net?sub?objectclass=posixGroup
nss_base_group ou=support,dc=company,dc=net?sub?objectclass=posixGroup
nss_base_group ou=groups,dc=company,dc=net?sub?objectclass=posixGroup
nss_base_group ou=engineering,dc=company,dc=net?sub?objectclass=posixGroup
In ldap:
cn=support3,ou=sudoers,dc=company,dc=net
sudoHost +cpe
cn=support3,ou=groups,ou=support,dc=company,dc=net
memberUID = user
With sudo version sudo-1.7.2p1-9.el5_5
Sudo output debug:
sudo: ldap search '(|(sudoUser=user)(sudoUser=%user)(sudoUser=%eng3)(sudoUser=%neteng3)(sudoUser=%support3)(sudoUser=ALL))'
sudo: found:cn=support3,ou=sudoers,dc=company,dc=net
sudo: ldap sudoHost '+cpe' ... MATCH!
sudo: ldap sudoRunAsUser 'root' ... MATCH!
sudo: ldap sudoCommand 'ALL' ... MATCH!
sudo: Command allowed
sudo: user_matches=1
sudo: host_matches=1
With sudo version sudo-1.8.10-3.el6.x86_64
sudo debug output:
sudo: ldap search '(&(objectClass=sudoRole)(|(sudoUser=user)(sudoUser=%user)(sudoUser=%#10001)(sudoUser=ALL)))'
sudo: searching from base 'ou=sudoers,dc=company,dc=net'
sudo: adding search result
sudo: result now has 0 entries
sudo: ldap search '(&(objectClass=sudoRole)(sudoUser=*)(sudoUser=+*))'
sudo: searching from base 'ou=sudoers,dc=company,dc=net'
sudo: adding search result
sudo: result now has 0 entries
sudo: sorting remaining 0 entries
sudo: searching LDAP for sudoers entries
sudo: done with LDAP searches
sudo: user_matches=1
sudo: host_matches=0