[sudo-workers] caching sudo ldap queries

Robert Beard Robert.Beard at colesmyer.com.au
Sun Jun 25 20:23:22 EDT 2006

Tom wrote:
> all ldap entries.  I patched defaults because I wanted to 
> file the entry 
> in a sub section of my ldap tree with the default privileges for all 
> users on all systems on my site.  I guess there are good pros 
> and cons 

A separate location for defaults would be good as it can get 'lost' amongst the other sudo entries 

> to a sub tree search at this point.  Maybe the configuration 
> file should 
> store whether to perform a sub tree or one level search for these 2 
> searches independently.

Or possibly have a directive similar to sudoers_base in ldap.conf but point to the defaults location?

> 1) The very complex way,  would be to install a local ldap server on 
> each box,  not my idea of fun, or a good idea imho.

Yeah, not to keen on that idea!

> 2) If you are using openldap there is a caching overlay that 
> you could 
> use to improve the performance of regular searches on the tree.

We're running Novel eDirectory which I read does run a cache so I'll have a look at that.

Thanx for the info!


This email and any attachments may contain privileged and confidential information and are intended for the named addressee only. If you have received this e-mail in error, please notify the sender and delete this e-mail immediately. Any confidentiality, privilege or copyright is not waived or lost because this e-mail has been sent to you in error. It is your responsibility to check this e-mail and any attachments for viruses.  No warranty is made that this material is free from computer virus or any other defect or error.  Any loss/damage incurred by using this material is not the sender's responsibility.  The sender's entire liability will be limited to resupplying the material.

More information about the sudo-workers mailing list