[sudo-users] LDAP and Sudo on Almalinux 8 not working right

Mark Johanson mjohanson at a2hosting.com
Tue Jul 19 10:39:02 MDT 2022


Hello,

I know this might not be a sudo-specific issue and might be a combination
of LDAP and sudo, but was wondering if someone could give me some
assistance or point me in the right direction?

I inherited an OpenLDAP setup of 2.4.38. I am having trouble figuring out
why AlmaLinux 8 servers do skip asking for passwords for sudo. Our sudo
configuration is set up in our LDAP configuration. The sudoOption
!authenticate is set up to allow users with escalated privs to run commands.
On our CentOS 7 servers this works without issues, but on AlmaLinux 8
those same users are asked for their password. When running sudo -l it does
show the NOPASSWD for the commands, and then sudo asks the user for the
password anyway. Our sudo-ldap.conf file shows the correct information for
accessing LDAP. The nsswitch.conf does say to check ldap first.

I have not found anything that indicates it is an OS-related issue.
However, I do not understand why it's not accepting the sudoOption (as the
CentOS 7 boxes do not have this issue). Was wondering if someone might be
able to point me towards some documentation that would assist me in
diagnosing this? My current online searches have produced no answers.

I am not an experienced LDAP admin, so I have been doing a lot of crash
courses to try and learn it as quickly as possible.

Does anyone have any suggestions on how I might get this working as
intended?

Thanks,

