<div dir="ltr">If I could get the correct info from getent group <br><br>which would show the group members, I am sure sudo would work, I am not sure what is involved in getting sudo into ldap and the configuring it. Anyone have a link to howto/wiki?<br>
<br><br><div class="gmail_quote">2008/9/10 Jonathan Barber <span dir="ltr"><<a href="mailto:j.barber@dundee.ac.uk">j.barber@dundee.ac.uk</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Tue, Sep 09, 2008 at 10:42:26PM +0100, Malcolm Amir Hussain-Gambles wrote:<br>
> Redhat sudo doesn't support ldap, recompile it with ldap support and add<br>
> the sudoers base to /etc/ldap.conf and it should work then, annoying!<br>
<br>
</div>I don't know about RHEL5, but centos 5.2 does:<br>
<br>
[root@pirez ~]# rpm -q centos-release<br>
centos-release-5-2.el5.centos<br>
[root@pirez ~]# rpm -q sudo<br>
sudo-1.6.8p12-12.el5<br>
[root@pirez ~]# ldd $(type -p sudo) | grep ldap<br>
libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00762000)<br>
<br>
And I believe it's been present for all the 5.0 series.<br>
<div class="Ih2E3d"><br>
> Cheers<br>
><br>
> Malcolm<br>
><br>
> On Tue, 2008-09-09 at 21:39 +0100, Kashif Ali wrote:<br>
> > Hello all,<br>
> ><br>
> > I have successfully setup FDS on Centos 5.2, and manage to get users<br>
> > signing on without any issues. However if I edit the sudoers file to<br>
> > allow a group on ldap use sudo, the sudo command does not see the<br>
> > members of the group or I think the group itself?<br>
> ><br>
> > I have no idea why this is:<br>
> ><br>
> > if I run the command 'id' as the given user you can clear see the<br>
> > group memberships, however if I do: getent group linuxops I see:<br>
> ><br>
> > linuxops:*:6000:<br>
> ><br>
> > with no members??? however SSHD AllowGroups works? I have configured<br>
> > sshd to only allow members of the linxops group to login and this<br>
> > works fine? so my question is why is sudo behaving differently?<br>
> ><br>
> > --<br>
> > Fedora-directory-users mailing list<br>
> > <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
> > <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
><br>
> --<br>
> Fedora-directory-users mailing list<br>
> <a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
<br>
</div><font color="#888888">--<br>
Jonathan Barber<br>
High Performance Computing Analyst<br>
Tel. +44 (0) 1382 386389<br>
</font><div><div></div><div class="Wj3C7c"><br>
--<br>
Fedora-directory-users mailing list<br>
<a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><br>
</div></div></blockquote></div><br></div>