List: sudo-users
Subject: [sudo-users] sudo & LDAP (not working)
From: Chris Martino <Chris.Martino () tsysprepaid ! com>
Date: 2005-03-08 22:18:01
Message-ID: OF6F6338A9.CBD6D6EC-ON85256FBE.007A1A08-85256FBE.007A65DA () tsysprepaid ! com
Hello,

I'm trying to get sudoers into LDAP and I'm mostly there. Everything has
been ported across and /etc/ldap.conf set up, but testing it with a simple
'sudo -u user ls' fails. Here's my output:

server:/home/chris # sudo -u chris ls
LDAP Config Summary
===================
host 127.0.0.1
port 389
ldap_version 3
sudoers_base ou=Sudoers,o=TSYS,c=US
binddn (anonymous)
bindpw (anonymous)
ssl on
===================
ldap_init(127.0.0.1,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
ldap_bind() ok
found:cn=defaults,ou=Sudoers,o=TSYS,c=US
ldap sudoOption: 'ignore_local_sudoers'
ldap search '(|(sudoUser=root)(sudoUser=%root)(sudoUser=%root)(sudoUser=%wheel)(sudoUser=%wheel)(sudoUser=%priv)(sudoUser=%pkcs11)(sudoUser=%pkcs11)(sudoUser=%perldb2)(sudoUser=ALL))'
found:cn=root,ou=Sudoers,o=TSYS,c=US
ldap sudoHost 'ALL' ... MATCH!
ldap sudoCommand 'ALL' ... MATCH!
ldap search 'sudoUser=+*'
user_matches=-1
host_matches=-1
sudo_ldap_check(0)=0x04
Sorry, user root is not allowed to execute '/bin/ls' as chris on server.

Any ideas what's going on here? Here's what my LDAP schema looks like for
the sudoers OU:

# Sudoers, TSYS, US
dn: ou=Sudoers,o=TSYS,c=US
ou: Sudoers
objectClass: top
objectClass: organizationalUnit
# defaults, Sudoers, TSYS, US
dn: cn=defaults,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: ignore_local_sudoers
# root, Sudoers, TSYS, US
dn: cn=root,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoCommand: ALL
# %users, Sudoers, TSYS, US
dn: cn=%users,ou=Sudoers,o=TSYS,c=US
objectClass: top
objectClass: sudoRole
cn: %users
sudoUser: %users
sudoHost: ALL
sudoCommand: ALL

Any help is greatly appreciated!

Thanks,
Chris
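
The "ldap search" line in the debug output above selects sudoRole entries by sudoUser: the invoking user, each of that user's groups prefixed with %, and ALL. The Python code below is an added example, not part of the original message and not sudo's own code; it rebuilds that filter with RFC 4515 escaping and applies the same selection to two entries constructed from the posted LDIF. Function names are hypothetical, repeated group terms are dropped, and host, command and run-as matching are not modelled.

```python
# Added example: models only the sudoUser selection step seen in the debug log.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a name cannot alter the filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def sudo_user_candidates(user, groups):
    """User name, each group as %group, then ALL; duplicates dropped, order kept."""
    names = [user] + ["%" + g for g in groups] + ["ALL"]
    return list(dict.fromkeys(names))

def build_filter(user, groups):
    terms = "".join("(sudoUser=%s)" % escape_filter_value(n)
                    for n in sudo_user_candidates(user, groups))
    return "(|" + terms + ")"

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF records separated by blank lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def matching_roles(entries, user, groups):
    wanted = set(sudo_user_candidates(user, groups))
    return [e["dn"][0] for e in entries
            if wanted & set(e.get("sudoUser", []))]

# Constructed from the two sudoRole entries in the post; only dn and sudoUser kept.
SAMPLE_LDIF = """\
dn: cn=root,ou=Sudoers,o=TSYS,c=US
sudoUser: root

dn: cn=%users,ou=Sudoers,o=TSYS,c=US
sudoUser: %users
"""

ROOT_GROUPS = ["root", "wheel", "priv", "pkcs11", "perldb2"]  # groups seen in the log
if __name__ == "__main__":
    print(build_filter("root", ROOT_GROUPS))
    print(matching_roles(parse_ldif(SAMPLE_LDIF), "root", ROOT_GROUPS))
```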