To get NOPASSWD behavior when using LDAP to distribute your sudo records,
you need to add a sudo options attribute to the sudo rule in LDAP to negate
the default authentication requirement.

authenticate:
If set, users must authenticate themselves via a password (or other means
of authentication) before they may run commands. This default may be
overridden via the PASSWD and NOPASSWD tags. This flag is on by default.

To negate it, place a '!' in front of it as the value to a sudo options
attribute in LDAP.

On Mon, Nov 2, 2015 at 7:02 AM, Todor Petkov <zakk(a)online.bg> wrote:
On 02/11/2015 10:20 AM, Todor Petkov wrote:
> Hello,
>
> my bad, I meant that I have added the line in sudoers, but it was not
> working.
>
> However, I have added the user as "uniquemember" of the group, not
> just "gidNumber" and it's OK now.
>
> Thanks.
>
Hi,
small update:
when the group is with NOPASSWD:ALL, it's not working.
If the user has a specific record, it's OK.
I can change the sudoers record with pssh, but if someone can give a hint on
how to make the group record work, I will appreciate it.
Regards,
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Alan Willis
Core Infrastructure | Riot Games
For, to speak out once for all, man only plays when in the full meaning of
the word he is a man, and *he is only completely a man when he plays*. -
J.C. Friedrich von Schiller - Letters upon the Æsthetic Education of Man
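
The group rule described in the reply above, shown as an added example that is not part of the original thread: a constructed LDIF export with a `sudoRole` whose `sudoOption` is `!authenticate`, plus a small check that lists every rule in the export that skips the password prompt. The base DN `ou=SUDOers,dc=example,dc=com`, the `admins` group and the rule names are assumptions made for illustration.

```python
# Added example: audit a constructed LDIF export of sudoRole entries for
# rules that drop the password prompt via "sudoOption: !authenticate".
SAMPLE_LDIF = """\
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: defaults
sudoOption: env_reset

dn: cn=admins-nopasswd,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: admins-nopasswd
sudoUser: %admins
sudoHost: ALL
sudoCommand: ALL
sudoOption: !authenticate

dn: cn=backup-op,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: backup-op
sudoUser: backup
sudoHost: ALL
sudoCommand: /usr/bin/rsync
"""

def parse_ldif(text):
    """Split simple LDIF (no folded or base64 lines) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def passwordless_rules(entries):
    """Return (cn, sudoUser values, sudoCommand values) for rules with !authenticate."""
    found = []
    for e in entries:
        if "sudorole" not in [v.lower() for v in e.get("objectclass", [])]:
            continue
        opts = [o.replace(" ", "") for o in e.get("sudooption", [])]
        if "!authenticate" in opts:
            found.append((e["cn"][0], e.get("sudouser", []), e.get("sudocommand", [])))
    return found

if __name__ == "__main__":
    for cn, users, cmds in passwordless_rules(parse_ldif(SAMPLE_LDIF)):
        print(f"{cn}: users={users} commands={cmds} (no password prompt)")
```

The `%` prefix on `sudoUser` marks the value as a group name, so the second entry is the group-wide equivalent of a `NOPASSWD: ALL` line in a sudoers file.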