[sudo-workers] sudoers_* ldap keywords
Todd C. Miller
Todd.Miller at courtesan.com
Tue Nov 29 16:56:38 EST 2011
On Tue, 29 Nov 2011 14:35:39 +0100, Daniel Kopecek wrote:
> after moving to /etc/nslcd.conf as the shared ldap configuration
> file, we've encountered a problem with nslcd's strict syntax checking
> and sudo's special configuration keywords (sudoers_*). This problem
> could be solved by adding those keywords to nslcd's dictionary of valid
> keywords, adding an option to ignore unknown keywords to nslcd, or by
> moving these keywords to sudo specific configuration files (sudoers or

Neither sudoers nor sudo.conf are really appropriate for this.
Sudoers should not be required for a pure LDAP setup and sudo.conf
is intended to be plugin agnostic.

You could use a separate ldap configuration file for sudo, though
this would mean duplicating the info in the main /etc/nslcd.conf
file. Since there are multiple consumers of ldap.conf (or the
equivalent) each with their own settings it seems rather unfriendly
for nslcd to error out on unknown settings.