Date:      Tue, 3 Jun 2008 15:15:20 +0200
From:      Philippe Audéoud <jadawin@FreeBSD.org>
To:        karim.bourenane@orange-ftgroup.com
Cc:        freebsd-current@freebsd.org
Subject:   Re: [BSD7] Openldap with SUDOers
Message-ID:  <20080603131520.GJ85756@tuxaco.net>
In-Reply-To: <OF66C312D5.2CD82282-ONC125745D.00450EC1-C125745D.0048173C@dc.par.equant.com>
References:  <OF66C312D5.2CD82282-ONC125745D.00450EC1-C125745D.0048173C@dc.par.equant.com>

On Tue, 03 Jun 2008, karim.bourenane@orange-ftgroup.com wrote:


> Hi Team, and All
>

Hello,
 
> I want to create a sudoers profile in my OpenLDAP, but I don't understand
> how to do it.
> Actually, in my LDAP I have:
> In slapd.conf
>         # Sudoers definition base
>         sudoers_base   ou=SUDOers,dc=domain,dc=com
>         sudoers_debug 0
> 
> Distinguished Name: ou=SUDOers,dc=domain,dc=com
> 
> Distinguished Name: cn=defaults,ou=SUDOers,dc=domain,dc=com
> With sudoOption:
>                 ignore_dot
>                 !mail_no_user
>                 log_host
>                 !syslog
>                 timestamp_timeout=10
> 
> Distinguished Name: cn=role1,ou=SUDOers,dc=domain,dc=com
> ObjectClass: Top and SudoRole
> sudoCommand: All
> sudoHost: ALL
> sudoOption: !authenticate
> sudoUser: login1,login2
> 
This part seems to be ok.

> When I connect and try the command "sudo su"
> %sudo su
>         Password:
>         login1 is not in the sudoers file.  This incident will be 
> reported.
> 

To be sure that sudo doesn't use /etc/sudoers, please add
ignore_local_sudoers to sudoOption for cn=defaults.
Then, strings < /usr/bin/sudo | grep ldap | grep /
/etc/ldap/ldap.conf
(sorry, I'm using Debian this time :P)

In /etc/ldap/ldap.conf:
BASE    dc=XXXXX, dc=XX
URI     ldap://ip.ip.ip.ip

sudoers_base    ou=SUDOers,dc=XXXX,dc=XX
binddn          cn=sudoers,dc=XXXX,dc=XX
bindpw          secret
sudoers_debug        2

BE SURE TO HAVE TABS AND NO SPACES! (I lost 3 hours because of a
space!)


PS: If you prefer to speak French, don't hesitate to ask me via private
mail :)

-- 
Philippe Audeoud
FreeBSD Committer	| jadawin@FreeBSD.org
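An added example, not part of this thread: a small Python audit that parses the ldap.conf keywords the reply lists and an LDIF of the sudoRole entries from the question, then reports the reply's two points (a keyword not separated from its value by a tab, and cn=defaults without ignore_local_sudoers) and additionally notes a role that combines !authenticate with sudoCommand ALL. All input is constructed, and the tab-only rule is the reply's advice rather than something this script checks against sudo itself.

```python
import re
# Constructed input following the reply: sudo keywords of /etc/ldap/ldap.conf,
# with binddn deliberately separated by a space rather than a tab.
LDAP_CONF = ("sudoers_base\tou=SUDOers,dc=domain,dc=com\nbinddn cn=sudoers,dc=domain,dc=com\n"
             "bindpw\tsecret\nsudoers_debug\t2\n")
# Constructed LDIF mirroring the cn=defaults and cn=role1 entries in the question.
SUDOERS_LDIF = """dn: cn=defaults,ou=SUDOers,dc=domain,dc=com
objectClass: sudoRole
sudoOption: timestamp_timeout=10

dn: cn=role1,ou=SUDOers,dc=domain,dc=com
objectClass: sudoRole
sudoCommand: ALL
sudoOption: !authenticate
sudoUser: login1
sudoUser: login2
"""
def parse_ldap_conf(text):
    # Returns ({keyword: value}, [keywords whose separator is not a single tab]).
    conf, not_tab = {}, []
    for key, sep, val in re.findall(r"^(\S+)([ \t]+)(.*)$", text, re.M):
        conf[key.lower()] = val.strip()
        if sep != "\t":  # the reply insists on tabs, so report anything else
            not_tab.append(key.lower())
    return conf, not_tab

def parse_ldif(text):
    # Minimal LDIF reader: one 'attr: value' per line, entries split by blank lines.
    entries, cur = {}, None
    for line in text.splitlines():
        attr, _, val = line.partition(":")
        attr, val = attr.strip().lower(), val.strip()
        if attr == "dn":
            cur = entries.setdefault(val, {})
        elif attr and cur is not None:
            cur.setdefault(attr, []).append(val)
    return entries

def audit(conf_text, ldif_text):
    # Lists what a reviewer would flag in this sudo-ldap setup.
    conf, not_tab = parse_ldap_conf(conf_text)
    entries = parse_ldif(ldif_text)
    findings = [f"ldap.conf: '{k}' is not tab-separated" for k in not_tab]
    defaults_dn = "cn=defaults," + conf.get("sudoers_base", "")  # naive string DN match
    if "ignore_local_sudoers" not in entries.get(defaults_dn, {}).get("sudooption", []):
        findings.append("cn=defaults lacks ignore_local_sudoers; /etc/sudoers is still read")
    for dn, e in entries.items():
        if dn != defaults_dn and "!authenticate" in e.get("sudooption", []) and "ALL" in e.get("sudocommand", []):
            findings.append(f"{dn}: ALL commands without a password for " + ",".join(e.get("sudouser", [])))
    return findings
```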


