[Fedora-directory-users] Sudo and Ldap
Kashif Ali
snake007uk at gmail.com
Wed Sep 10 09:03:32 UTC 2008
If I could get the correct info from getent group
which would show the group members, I am sure sudo would work, I am not sure
what is involved in getting sudo into ldap and the configuring it. Anyone
have a link to howto/wiki?
2008/9/10 Jonathan Barber <j.barber at dundee.ac.uk>
> On Tue, Sep 09, 2008 at 10:42:26PM +0100, Malcolm Amir Hussain-Gambles
> wrote:
> > Redhat sudo doesn't support ldap, recompile it with ldap support and add
> > the sudoers base to /etc/ldap.conf and it should work then, annoying!
>
> I don't know about RHEL5, but centos 5.2 does:
>
> [root at pirez ~]# rpm -q centos-release
> centos-release-5-2.el5.centos
> [root at pirez ~]# rpm -q sudo
> sudo-1.6.8p12-12.el5
> [root at pirez ~]# ldd $(type -p sudo) | grep ldap
> libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00762000)
>
> And I believe it's been present for all the 5.0 series.
>
> > Cheers
> >
> > Malcolm
> >
> > On Tue, 2008-09-09 at 21:39 +0100, Kashif Ali wrote:
> > > Hello all,
> > >
> > > I have successfully setup FDS on Centos 5.2, and manage to get users
> > > signing on without any issues. However if I edit the sudoers file to
> > > allow a group on ldap use sudo, the sudo command does not see the
> > > members of the group or I think the group itself?
> > >
> > > I have no idea why this is:
> > >
> > > if I run the command 'id' as the given user you can clear see the
> > > group memberships, however if I do: getent group linuxops I see:
> > >
> > > linuxops:*:6000:
> > >
> > > with no members??? however SSHD AllowGroups works? I have configured
> > > sshd to only allow members of the linxops group to login and this
> > > works fine? so my question is why is sudo behaving differently?
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> --
> Jonathan Barber
> High Performance Computing Analyst
> Tel. +44 (0) 1382 386389
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080910/255c47f7/attachment.html>
More information about the 389-users
mailing list