On Tue, 03 Jun 2008, karim.bourenane_at_orange-ftgroup.com wrote:

> Hi Team, and All

Hello,

> I want to create a sudoers profile in my openldap, but I don't understand
> how to do it.
> Actually in my Ldap I have:
> In slapd.conf
> # Sudoers definition base
> sudoers_base ou=SUDOers,dc=domain,dc=com
> sudoers_debug 0
>
> Distinguished Name: ou=SUDOers,dc=domain,dc=com
>
> Distinguished Name: cn=defaults,ou=SUDOers,dc=domain,dc=com
> With sudoOption:
> ignore_dot
> !mail_no_user
> log_host
> !syslog
> timestamp_timeout=10
>
> Distinguished Name: cn=role1,ou=SUDOers,dc=domain,dc=com
> ObjetClass : Top and SudoRole
> sudoCommand : All
> sudoHost : ALL
> sudoOption: !authenticate
> sudoUser : login1,login2

This part seems to be ok.

> When I connect and try the command "sudo su"
> %sudo su
> Password:
> login1 is not in the sudoers file. This incident will be
> reported.
>

To be sure that sudo doesn't use /etc/sudoers, please add
ignore_local_sudoers in sudoOptions for cn=defaults

Then,

    strings < /usr/bin/sudo | grep ldap | grep /
    /etc/ldap/ldap.conf

(sorry, I'm using Debian this time :P)

in /etc/ldap/ldap.conf

    BASE dc=XXXXX, dc=XX
    URI ldap://ip.ip.ip.ip
    sudoers_base ou=SUDOers,dc=XXXX,dc=XX
    binddn cn=sudoers,dc=XXXX,dc=XX
    bindpw secret
    sudoers_debug 2

BE SURE TO HAVE TABULATIONS AND NO SPACE! (I lost 3 hours because of a
space!)

PS: If you prefer to speak French, don't hesitate to ask me via private
mail :)

-- 
Philippe Audeoud
FreeBSD Committer | jadawin_at_FreeBSD.org

Received on Tue Jun 03 2008 - 11:33:09 UTC
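A checker for the ldap.conf shown in the reply above, as an added example that is not part of the original message or of sudo itself. The sample file, the function names and the findings are assumptions made for illustration; the space check encodes the poster's reported pitfall, not a documented sudo rule.

```python
import re

# Constructed sample modelled on the ldap.conf in the reply (placeholders kept
# as posted). The sudoers_base line deliberately uses a space, not a tab.
SAMPLE = (
    "BASE\tdc=XXXXX, dc=XX\n"
    "URI\tldap://ip.ip.ip.ip\n"
    "sudoers_base ou=SUDOers,dc=XXXX,dc=XX\n"
    "binddn\tcn=sudoers,dc=XXXX,dc=XX\n"
    "bindpw\tsecret\n"
    "sudoers_debug\t2\n"
)

REQUIRED = ("uri", "sudoers_base")  # directives the reply relies on


def parse(text):
    """Return [(lineno, key, separator, value)] for each directive line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = re.match(r"(\S+)([ \t]+)(.*)$", line)
        if m:
            entries.append((lineno, m.group(1).lower(), m.group(2), m.group(3)))
        else:
            entries.append((lineno, line.lower(), "", ""))  # key without value
    return entries


def check(text):
    """Return a list of findings (strings) for the given ldap.conf text."""
    entries = parse(text)
    keys = {key for _, key, _, _ in entries}
    findings = [f"missing directive: {k}" for k in REQUIRED if k not in keys]
    for lineno, key, sep, value in entries:
        if " " in sep:  # the pitfall reported in the reply
            findings.append(f"line {lineno}: {key} separator contains a space")
        if key == "bindpw" and value:
            findings.append(f"line {lineno}: bindpw is clear text, restrict file permissions")
        if key == "sudoers_debug" and value != "0":
            findings.append(f"line {lineno}: sudoers_debug {value}, set to 0 after troubleshooting")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

To check a real file, pass its contents to check(), for example check(open("/etc/ldap/ldap.conf").read()), using the path that the strings command above reports for your sudo binary.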
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:31 UTC