[sudo-workers] sudoers_* ldap keywords

Daniel Kopecek dkopecek at redhat.com
Wed Nov 30 08:35:31 EST 2011

On 11/30/2011 01:42 PM, Stephen Gallagher wrote:
> On Tue, 2011-11-29 at 20:19 -0500, Todd C. Miller wrote:
>> On Tue, 29 Nov 2011 19:48:57 EST, Stephen Gallagher wrote:
>>> Well, just to amend to this, the fact that nslcd.conf has multiple
>>> consumers is a bug in itself - one that we're working to eliminate with
>>> SSSD by producing plugins for talking to sudo, automount, openssh-lpk
>>> and similar services.
>>> It really is an abuse of another application's configuration. Just
>>> because it happens to be there doesn't necessarily mean it's correct for
>>> your application either.
>> You can specify the path to ldap.conf that sudo will use at configure
>> time.  Some distros (such as Debian) use /etc/sudo-ldap.conf to
>> avoid such problems.
> Daniel: This sounds like a really good idea. At the very least, it would
> help to alleviate the confusion that a LOT of users have that sudo LDAP
> support is coming from nss_ldap/nss-pam-ldapd.

Sound good to me too.

Thanks Todd & Stephen.

Dan K.

More information about the sudo-workers mailing list