[sudo-workers] Multiple sudoers_base entries in ldap.conf

"Björn Matthiessen" Bjoern.Matthiessen at gmx.de
Mon Sep 11 11:17:11 EDT 2006


Hi everyone,

I'm using sudo with LDAP and it works very nicely. What I miss, though, is the possibility to define 2 or more sudoers_base entries in /etc/ldap.conf.
e.g.:
sudoers_base ou=sudoers,dc=foo1,dc=bar
sudoers_base ou=sudoers,dc=foo2,dc=bar

As I don't want sudo to search in ou=sudoers,dc=foo3,dc=bar, the patch that adds subtree search doesn't help me much here.

The idea would be:
- Read all sudoers_base entries from ldap.conf
- Use the first sudoers_base as ldap_conf.base
- Read defaults: cn=defaults,ou=sudoers,dc=foo1,dc=bar
- If an entry for the user and/or groups is found, this sudoers_base is used
- If no entry was found, the next sudoers_base will be used
- If still no entry is found, give up => nothing found

To make this work, groups and users must be disjoint, as the sudoers_base of the first successful search result will be used.

Few questions:
Is anybody else in need of this feature?
Has someone already thought about it and found out that it's not practicable for some reason?
Would it be possible to commit it to the trunk once it's implemented?
Any ideas are most welcome...

Best Regards,

Björn
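The ordered fallback search proposed above, as an added illustration that is not part of the original post and not sudo's own code: it parses a constructed ldap.conf fragment for its sudoers_base lines, reads defaults only from the first base, and returns the first base in which a sudoRole matches the user or one of the user's groups. The in-memory DIRECTORY, the sample user names, and the simplified sudoUser matching (exact user name or %group) are all assumptions made for the example; real sudo matching is richer. The "bob" case shows the caveat from the post: once a match is found in the first base, an overlapping entry for the same group in the second base is never consulted.

```python
# Constructed sample ldap.conf text (not a real file). The third
# sudoers_base is commented out to show it is not searched.
LDAP_CONF = """
uri ldap://ldap.example.com
sudoers_base ou=sudoers,dc=foo1,dc=bar
sudoers_base ou=sudoers,dc=foo2,dc=bar
# sudoers_base ou=sudoers,dc=foo3,dc=bar
"""

# Constructed in-memory stand-in for the directory: base DN -> sudoRole entries.
DIRECTORY = {
    "ou=sudoers,dc=foo1,dc=bar": [
        {"cn": "defaults", "sudoOption": ["env_reset"]},
        {"cn": "admins", "sudoUser": ["%wheel"], "sudoCommand": ["ALL"]},
    ],
    "ou=sudoers,dc=foo2,dc=bar": [
        {"cn": "defaults", "sudoOption": ["!authenticate"]},
        {"cn": "ops", "sudoUser": ["alice"], "sudoCommand": ["/usr/bin/systemctl"]},
        # Overlaps with foo1's %wheel entry; with first-match semantics it is never used.
        {"cn": "wheel-too", "sudoUser": ["%wheel"], "sudoCommand": ["/sbin/reboot"]},
    ],
}


def parse_sudoers_bases(conf_text):
    """Step 1: collect every sudoers_base line from ldap.conf, in file order."""
    bases = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "sudoers_base":
            bases.append(parts[1].strip())
    return bases


def get_defaults(base):
    """Step 3: read cn=defaults under the given base (sudoOption values)."""
    for entry in DIRECTORY.get(base, []):
        if entry.get("cn") == "defaults":
            return list(entry.get("sudoOption", []))
    return []


def search_roles(base, user, groups):
    """Simplified stand-in for the per-base LDAP query: sudoRole entries whose
    sudoUser names the user or one of the user's groups (%group)."""
    matches = []
    for entry in DIRECTORY.get(base, []):
        if entry.get("cn") == "defaults":
            continue
        for who in entry.get("sudoUser", []):
            if who == user or (who.startswith("%") and who[1:] in groups):
                matches.append(entry["cn"])
                break
    return matches


def lookup(conf_text, user, groups):
    """Steps 2-6: defaults come from the first base; bases are tried in order
    and the first one with a match wins. Returns None if nothing matches."""
    bases = parse_sudoers_bases(conf_text)
    if not bases:
        return None
    defaults = get_defaults(bases[0])
    for base in bases:
        roles = search_roles(base, user, groups)
        if roles:
            return {"base": base, "defaults": defaults, "roles": roles}
    return None


if __name__ == "__main__":
    for user, groups in (("alice", ["users"]), ("bob", ["wheel"]), ("carol", ["users"])):
        print(user, "->", lookup(LDAP_CONF, user, groups))
```

Note that the defaults for "alice" come from dc=foo1 even though her role lives under dc=foo2, exactly as the proposal reads defaults from the first sudoers_base only; and "bob" never sees the /sbin/reboot entry under dc=foo2 because the first base already matched.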
