[sudo-users] LDAP defaults for commands

Todd C. Miller Todd.Miller at sudo.ws
Wed Dec 6 15:27:40 MST 2017

The sudoers LDAP configuration handles the Defaults options
differently.  There is no way to specify a set of options that are
always applied to a user.  Instead, you specify the options inside
the sudoRole object for that user or group.

For example:

# millert, SUDOers, courtesan.com
dn: cn=millert,ou=SUDOers,dc=courtesan,dc=com
objectClass: top
objectClass: sudoRole
cn: millert
sudoUser: millert
sudoRunAsUser: ALL
sudoRunAsGroup: ALL
sudoHost: ALL
sudoOption: !authenticate

would allow user millert to execute any command without authenticating.

 - todd

More information about the sudo-users mailing list