[sudo-users] sudo and ldap

Darran Carey darran.carey at pawsey.org.au
Tue Feb 23 08:07:08 MST 2016


Hi all,

We currently have sudo integration with our test LDAP server (389 
directory server) working very nicely for both SLES and CentOS clients. 
There is one issue to resolve before considering moving this into 
production. We allow anonymous binds to our LDAP servers, which means any 
user can search the SUDOERS ou. I would equate this with running with a 
world-readable /etc/sudoers.

Is it possible to tighten the security of the SUDOERS ou and still allow 
users to bind anonymously for general LDAP searches, or is the only way 
to implement this to have a separate bind DN? Does anyone have any 
experience with sudo/LDAP integration that they would be willing to 
share?

Regards,
Darran.
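One way to do what the post asks on 389 Directory Server, as an added example that is not part of the original post and not code from the sudo project: keep anonymous binds, but stop the stock "Enable anonymous access" ACI from matching sudoRole entries, then grant read on the sudoers subtree to one dedicated bind DN that the clients use. The suffix dc=example,dc=com, the container ou=SUDOERS,dc=example,dc=com, the service account uid=sudo-client,ou=Services,dc=example,dc=com and the exact text of the existing anonymous ACI are all assumptions for illustration; the ACI value in the delete block has to match what your server actually holds.

```ldif
# Constructed example (not from the post): restrict sudoRole entries to a
# dedicated bind DN on 389 Directory Server. Assumed names: suffix
# dc=example,dc=com, container ou=SUDOERS,dc=example,dc=com, service account
# uid=sudo-client,ou=Services,dc=example,dc=com.
# Apply as Directory Manager:
#   ldapmodify -x -H ldap://ldap.example.com -D "cn=Directory Manager" -W -f sudoers-aci.ldif

# 1. Replace the stock anonymous-read ACI on the suffix with one that no
#    longer matches sudoRole entries (targetfilter). The value under
#    "delete: aci" must be byte-for-byte what the server holds; dump it first:
#      ldapsearch -x -b dc=example,dc=com -s base aci
dn: dc=example,dc=com
changetype: modify
delete: aci
aci: (targetattr!="userPassword || aci")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare) userdn="ldap:///anyone";)
-
add: aci
aci: (targetattr!="userPassword || aci")(targetfilter="(!(objectClass=sudoRole))")(version 3.0; acl "Enable anonymous access (no sudoRole)"; allow (read, search, compare) userdn="ldap:///anyone";)
-

# 2. Allow only the sudo client account to read the sudoers subtree.
#    No deny rule is needed: once no ACI grants anonymous access to sudoRole
#    entries, the server refuses it by default, and the container entry
#    itself (an organizationalUnit) stays readable so the search base resolves.
dn: ou=SUDOERS,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr!="aci")(version 3.0; acl "sudo clients read sudoRole"; allow (read, search, compare) userdn="ldap:///uid=sudo-client,ou=Services,dc=example,dc=com";)
-
```

On the client side this is the separate bind DN the post mentions: sudoers.ldap(5) takes `binddn` and `bindpw` (or `use_sasl on` with a keytab, which avoids a stored password) in its ldap.conf; `sudo -V` run as root prints the "ldap.conf path" sudo was built with, which differs between the SLES and CentOS packages. Because that file then carries a credential it must be owned by root with mode 0600; sudo reads it as root, so nothing else needs access. To check the result, `ldapsearch -x -b ou=SUDOERS,dc=example,dc=com '(objectClass=sudoRole)'` without a bind should return no entries, the same search with `-D uid=sudo-client,ou=Services,dc=example,dc=com -W` should return the roles, and `sudo -l` on a client should still list them. Re-run the anonymous check after any directory upgrade, since installers can re-add the default anonymous ACI.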

