[sudo-workers] LDAP issue

Todd C. Miller Todd.Miller at courtesan.com
Tue Jan 22 17:01:17 EST 2008

In message <E5F741E838FC2043A0B843E481818138084D7934 at MLNYC730MB.amrs.win.ml.com>
	so spake "Newman, Edward \(GTI\)" (edward_newman):

> Been trying out 1.7b1 and had an issue with LDAP. Appears that
> /etc/ldap.conf defaults to "'/etc/ldap.conf'" (note double quotes
> around single quotes). This causes ldap.conf not to be found. Please
> remove single quotes from pathnames.h.

I'm not sure where the single quotes are coming from--I certainly
don't get them here.  I get just the double quotes whether I specify
--with-ldap-conf-file=/etc/sudo-ldap.conf or if I take the default
location.  What operating system are you seeing this behavior on?

> One additional comment - I find the LDAP display confusing compared to
> file display. Is there any way to show consolidated rights from file and
> ldap in one view rather than two separate sections and align formatting?
> This might require some significant changes based on current code paths.

I agree that the very different display is sub-optimal.  It may be
possible to make the LDAP output appear more like the file-based
sudoers info, though I'm not sure what to do with the per-command
options.  I suppose they could be transformed into Defaults!command
type entries.  Merging the two may be as simple as breaking up the
listing stage so that Defaults options are printed at the same time.

> However I do now have this working against Active Directory /
> Application Mode and will start testing further. Any timeline for 1.7?

Was there any special configuration you had to do to use Active
Directory that should go in README.LDAP?

As for a timeline, it depends on the level of testing.  The more
things get tested, the more confident I will be ;-)


 - todd
