[sudo-users] Migrate from LDAP to /etc/sudoers?

Todd C. Miller Todd.Miller at courtesan.com
Wed Jan 18 14:25:56 MST 2017


On Wed, 18 Jan 2017 18:17:54 +0000, Ryan Anderson wrote:

> I found a couple resources for migrating /etc/sudoers to LDAP, but I have a
> requirement to migrate my LDAP sudoers to /etc/sudoers (or
> /etc/sudoers.d/*). Could anyone provide some tips to do this?

I'm not aware of an existing tool to do this, though it shouldn't
be too difficult to create one.

There are two basic approaches to get the data: either parsing the
LDIF output from ldapsearch or connecting to the LDAP server directly
like sudo normally does and fetching all sudoRole objects.  Reusing
the existing sudo ldap code would reduce the amount of parsing
needed so that's the route I'd take.

 - todd
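
The first approach in the reply above (parsing the LDIF output of ldapsearch), shown in Python as an added example; it is not part of the original message and is not code from the sudo project. The names parse_ldif, esc, to_sudoers and SAMPLE_LDIF are hypothetical, the LDIF is a constructed sample, and only the "!authenticate" sudoOption is mapped to a sudoers tag; any other per-role option is emitted as a REVIEW comment so that it is not dropped silently.

```python
import base64, re
# Constructed sample, shaped like `ldapsearch -LLL '(objectClass=sudoRole)'` output.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
cn: defaults
sudoOption: env_reset

dn: cn=webops,ou=SUDOers,dc=example,dc=com
cn: webops
sudoUser: %webops
sudoHost: ALL
sudoRunAsUser: www-data
sudoCommand: /usr/bin/systemctl restart
  nginx
sudoCommand:: L3Vzci9iaW4vam91cm5hbGN0bCAtdSBuZ2lueA==
sudoOption: !authenticate
sudoOrder: 10
"""

def parse_ldif(text):
    """Yield each LDIF entry as a dict of lowercased attribute -> list of values."""
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text)):  # unfold, then split entries
        entry = {}
        for line in (l for l in block.splitlines() if l.strip() and not l.startswith("#")):
            attr, _, value = line.partition(":")
            if value.startswith(":"):            # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def esc(cmd):  # sudoers requires , : = \ to be backslash-escaped in command arguments
    path, sep, args = cmd.partition(" ")
    return path + sep + re.sub(r"([,:=\\])", r"\\\1", args)

def to_sudoers(entries):
    """Render sudoRoles as sudoers lines, sorted so the highest sudoOrder comes last."""
    defaults, rules = [], []
    for e in sorted(entries, key=lambda e: float(e.get("sudoorder", ["0"])[0])):
        opts, j = e.get("sudooption", []), lambda k: ",".join(e.get(k, []))
        if e.get("cn") == ["defaults"]:
            defaults += [f"Defaults {o}" for o in opts]
            continue
        u, g = j("sudorunasuser"), j("sudorunasgroup")
        runas = f"({u}:{g}) " if g else f"({u}) " if u else ""
        tag = "NOPASSWD: " if "!authenticate" in opts else ""
        rules += [f"# REVIEW {j('cn')}: sudoOption not converted: {o}" for o in opts if o != tag and o != "!authenticate"]
        rules.append(f"{j('sudouser')} {j('sudohost')} = {runas}{tag}"
                     + ", ".join(map(esc, e.get("sudocommand", []))))
    return defaults + rules
```

The ascending sort matters because LDAP picks the matching sudoRole with the highest sudoOrder while a sudoers file uses the last matching line. Check the generated file with `visudo -c -f <file>` before installing it, and resolve every REVIEW line by hand.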

