[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ubuntu sudoers won't talk to LDAP



On 11/19/2010 02:32 PM, Quanah Gibson-Mount wrote:
--On Friday, November 19, 2010 2:23 PM -0500 bluethundr
<bluethundr@gmail.com> wrote:

Hello Ubuntu

On our network we have our sudoers stored in LDAP. This works fine on
the CentOS 5.4 clients by placing into /etc/ldap.conf


sudoers_base ou=sudoers,ou=Services,dc=example,dc=net


and in /etc/nsswitch.conf we have the entry:


sudoers: ldap


(setting this setting to just 'ldap' instead of 'files ldap' does not
render the machine unbootable as happens if you set passwd and group
this way).

However I am attempting to set this up on an Ubuntu 9.10 client and
getting no joy so far. I have the same settings in /etc/ldap.conf and
/etc/nsswitch.conf and cannot get sudoers to work.

On the Ubuntu box, I can get LDAP entries by typing in getent passwd |
grep ldapAccount, however when you attempt to sudo it fails:

My guess would be that it is a different version of sudo. Have you read
the manual page for it?

Ubuntu has a sudo-ldap package that replaces the normal ldap with a, well, ldap-enhanced one.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration