[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SUDO in LDAP

To: <bgmilne@obsidian.co.za>
Subject: Re: SUDO in LDAP
From: "Alan Sparks" <asparks@doublesparks.net>
Date: Fri, 23 Jan 2004 10:13:46 -0700 (MST)
Cc: <Eric.Sammons@frit.frb.org>, <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <Pine.LNX.4.33.0401231847430.5422-100000@isis.obsidian.co.za>
References: <20040123143226.37C7C85860@p3fed1.frb.org> <Pine.LNX.4.33.0401231847430.5422-100000@isis.obsidian.co.za>

Buchan Milne said:
> On Fri, 23 Jan 2004 Eric.Sammons@frit.frb.org wrote:
>
>> I am still researching to see if there is any information on this, but
>>  wanted to ask as well, is there support for placing SUDO rules in an
>> LDAP?
>>  Thus allowing for sudo management to be done from a central (common)
>> data
>> store?
>>
>
> It's entirely possible, it just requires someone to implement it (add
> the  code to sudo, and write a schema to hold the data), but it doesn't
> really  relate to this list.
>
> Yes, this is something I would also like to see (although you can deploy
> a  single sudoers to all machines in your network, if it's correctly
> configure).
>
> Regards,
> Buchan

There has been work done in this regard.  Look for information on the
sudo-users mailing list (archives at
http://www.sudo.ws/pipermail/sudo-users/).  It's not official stuff, and
is at the level of a patch to sudo code.  Pretty lightly documented at
this time IIRC.

Check for instance the threads in December 2003.
-Alan


===========
Alan Sparks, UNIX/Linux Systems Administrator    <asparks@doublesparks.net>

References:
- SUDO in LDAP
  - From: Eric.Sammons@frit.frb.org
- Re: SUDO in LDAP
  - From: Buchan Milne <bgmilne@obsidian.co.za>

Prev by Date: Weird problem when searching ldap users
Next by Date: RE: Ldap and passwd command
Index(es):
- Chronological
- Thread