[sudo-workers] sudo+ldap and ldap.conf

Todd C. Miller Todd.Miller at courtesan.com
Tue Jun 14 14:39:06 EDT 2005

In message <20050614181346.GT3960 at sole.infis.univ.trieste.it>
	so spake Andrea Barisani (lcars):

> Yes that was my workaround and indeed it is documented in README.LDAP but I
> think you should stress more about this problem security_wise, simply showing
> that you can redefine the conf doesn't show the security aspect of this issue
> . 
> Also don't you think that making sudo+ldap rootdn aware could be a good
> option? (/etc/ldap.secret mode 600)

It doesn't look like adding rootbinddn should be hard.  Am I correct
in believing sudo just needs to look for rootbinddn in ldap.conf
and if found use the password stored in /etc/ldap.secret?

 - todd

More information about the sudo-workers mailing list