[sudo-workers] sudo+ldap sudo_rootbinddn

Andrea Barisani lcars at gentoo.org
Wed Jun 29 13:28:42 EDT 2005


Ok, I know that this is a pain but unfortunately ldap configuration/options
sucks sometimes :/ so here's a feature request that would be "sensible" to
implement imho.

We have rootbinddn in the cvs tree, that's nice. However some people might
not want to use rootbinddn for other apps (for instance I might not want my
passwd to use rootbinddn when using pam_ldap) so can't we have an optional
sudo_rootbinddn for sudo only? (if rootbinddn is there use it, if
sudo_rootbinddn is also there use the latter)

Of course since ldap.secret location can't be specified in ldap.conf (that 
sucks) but can be specified in the code (and it's currently done with
--with-ldap-secret-file flag) in order to prevent conflicts it would be nice
to have a sudo_ldapsecret option as well.

It's a mess I know but imho this is the only way to have any reasonable
configuration supported and share ldap.conf sensibly (otherwise using
/etc/ldap.conf.sudo and not rootbinddn is the way to go).

Bye and thx :)

-- 
Andrea Barisani <lcars at gentoo.org>                            .*.
Gentoo Linux Infrastructure Developer                          V
                                                             (   )
GPG-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc   (   )
    0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E        ^^_^^
      "Pluralitas non est ponenda sine necessitate"


