[sudo-workers] Re: Sudo 1.6.8rc5 Ldap Group lookup
Aaron Spangler
as at insight.rr.com
Tue Aug 10 21:07:22 EDT 2004
Hi Jacob,

Please let us know what OS & OS Version you are using. Also, if it is
original SysV or HP-UX then is there anything in /etc/initgroups?

Sudo does three calls to try to determine your groups. The first is
getgrgid(getgid()) which returns your primary group. The second is that
it calls getgroups(0,NULL) to ask how many groups you belong to.
(For memory allocation purposes). Finally it calls getgroups() with a
structure to receive the array of groups you belong to.

The collection of your username + primary group + all the secondary
groups are used to construct a query to send to LDAP.

Try turning on ldap debugging (add "sudoers_debug 2" to /etc/ldap.conf)
to see that the query is being built correctly.

Hope this all helps, let us know the results of the debugging and the
results of the "groups" and "id" and "id -a" commands. We'll help debug
it and make sudo better.

-Aaron
Jacob Pszonowsky wrote:
> Hey guys -
>
> I'm having an interesting time trying to figure out how the LDAP
> support does the group lookup for a user. Sudo seems to be only
> finding 2 of my groups, not my third - even though "groups" reports
> all three for me.
>
> I'm going to go dig around in the code, but I thought I'd post a
> question as to how it's supposed to be working.
>
> Thanks,
> Jake
>
> Jacob Pszonowsky
>
> jdp16 at mac.com
> (c) 415.225.2647
> (f) 415.358.5918
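
The three lookups described in the message, as an added C example (not part of the original post and not sudo's own source); `collect_gids` and `print_groups` are hypothetical helper names. It prints the group list the current process actually holds, for comparison with the "groups" and "id" output.

```c
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* collect_gids (hypothetical helper): primary GID first, then the
 * supplementary GIDs of this process, duplicates removed.
 * Returns the count (>= 1) with a malloc'd array in *out, or -1 on error. */
int collect_gids(gid_t **out)
{
    int n = getgroups(0, NULL);              /* size query, nothing is written */
    if (n < 0)
        return -1;
    gid_t *all = malloc(((size_t)n + 1) * sizeof *all);
    if (all == NULL)
        return -1;
    all[0] = getgid();                       /* primary group */
    if (n > 0 && (n = getgroups(n, all + 1)) < 0) {  /* fill the array */
        free(all);
        return -1;
    }
    int count = 1;
    for (int i = 1; i <= n; i++) {           /* the list may repeat the primary */
        int seen = 0;
        for (int j = 0; j < count; j++)
            if (all[j] == all[i]) seen = 1;
        if (!seen)
            all[count++] = all[i];
    }
    *out = all;
    return count;
}

/* print_groups (hypothetical helper): one line per GID with its name.
 * Returns how many GIDs had no name entry; those are worth checking first. */
int print_groups(const gid_t *g, int n)
{
    int unresolved = 0;
    for (int i = 0; i < n; i++) {
        struct group *gr = getgrgid(g[i]);   /* NULL when the GID has no entry */
        printf("%lu\t%s\n", (unsigned long)g[i], gr ? gr->gr_name : "(no name)");
        if (gr == NULL) unresolved++;
    }
    return unresolved;
}

int main(void)
{
    gid_t *g = NULL;
    int n = collect_gids(&g);
    if (n < 0) { perror("getgroups"); return 1; }
    printf("%d unresolved\n", print_groups(g, n));
    free(g);
    return 0;
}
```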