Sudo and Ldap

So the schema is not part of the Fedora-DS. I will try it and then update my
wiki covering this.

2008/9/10 Jonathan Barber <j.barber at dundee.ac.uk>

> On Wed, Sep 10, 2008 at 10:03:32AM +0100, Kashif Ali wrote:
> > If I could get the correct info from getent group
> >
> > which would show the group members, I am sure sudo would work, I am not sure
> > what is involved in getting sudo into ldap and then configuring it. Anyone
> > have a link to howto/wiki?
>
> Just following the sudo ldap readme:
> http://www.gratisoft.us/sudo/readme_ldap.html
>
> got me there.
>
> Basically you have to import the sudo schema (which I got from converting
> the openldap schema supplied with the source RPM via the
> ol-schema-migrate.pl script), create an entry to put your sudo config
> under, import your sudo config, and then configure /etc/ldap.conf to
> point at that entry.
>
> > 2008/9/10 Jonathan Barber <j.barber at dundee.ac.uk>
> >
> > > On Tue, Sep 09, 2008 at 10:42:26PM +0100, Malcolm Amir Hussain-Gambles
> > > wrote:
> > > > Redhat sudo doesn't support ldap, recompile it with ldap support and add
> > > > the sudoers base to /etc/ldap.conf and it should work then, annoying!
> > >
> > > I don't know about RHEL5, but centos 5.2 does:
> > >
> > > [root@pirez ~]# rpm -q centos-release
> > > centos-release-5-2.el5.centos
> > > [root@pirez ~]# rpm -q sudo
> > > sudo-1.6.8p12-12.el5
> > > [root@pirez ~]# ldd $(type -p sudo) | grep ldap
> > >        libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00762000)
> > >
> > > And I believe it's been present for all the 5.0 series.
> > >
> > > > Cheers
> > > >
> > > > Malcolm
> > > >
> > > > On Tue, 2008-09-09 at 21:39 +0100, Kashif Ali wrote:
> > > > > Hello all,
> > > > >
> > > > > I have successfully setup FDS on Centos 5.2, and managed to get users
> > > > > signing on without any issues. However if I edit the sudoers file to
> > > > > allow a group on ldap to use sudo, the sudo command does not see the
> > > > > members of the group or I think the group itself?
> > > > >
> > > > > I have no idea why this is:
> > > > >
> > > > > if I run the command 'id' as the given user you can clearly see the
> > > > > group memberships, however if I do: getent group linuxops I see:
> > > > >
> > > > > linuxops:*:6000:
> > > > >
> > > > > with no members??? however SSHD AllowGroups works? I have configured
> > > > > sshd to only allow members of the linuxops group to login and this
> > > > > works fine? so my question is why is sudo behaving differently?
> > > > >
> > > > > --
> > > > > Fedora-directory-users mailing list
> > > > > Fedora-directory-users at redhat.com
> > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > > >
> > >
> > > --
> > > Jonathan Barber
> > > High Performance Computing Analyst
> > > Tel. +44 (0) 1382 386389
> > >
> > >
>
>
>
> --
> Jonathan Barber
> High Performance Computing Analyst
> Tel. +44 (0) 1382 386389
>
>
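
The "create an entry, import your sudo config" steps from the quoted reply, as an added example that is not part of the thread and not the sudo project's own tooling: it turns a simple sudoers rule into a `sudoRole` LDIF entry using the attribute names of the sudo LDAP schema as shipped with sudo 1.6.x. The base DN `ou=SUDOers,dc=example,dc=com`, the entry naming, and the sample rule for the `linuxops` group are assumptions; aliases, `Defaults` lines and runas groups are rejected rather than converted.

```python
import re

# Placeholder base DN (assumption). /etc/ldap.conf must point sudo at the same entry:
#   sudoers_base ou=SUDOers,dc=example,dc=com
SUDOERS_BASE = "ou=SUDOers,dc=example,dc=com"

# who  host = (runas) commands      (the runas part is optional)
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)

def container_ldif(base=SUDOERS_BASE):
    """Entry that the sudoRole entries are created under."""
    ou = base.split(",", 1)[0].split("=", 1)[1]
    return "\n".join([f"dn: {base}", "objectClass: top",
                      "objectClass: organizationalUnit", f"ou: {ou}"])

def rule_to_ldif(line, base=SUDOERS_BASE):
    """Convert one simple sudoers rule into a sudoRole entry."""
    m = RULE.match(line.strip())
    if m is None or m["who"].startswith(("#", "Defaults")) or m["who"].endswith("_Alias"):
        raise ValueError(f"not a simple user specification: {line!r}")
    runas = [r.strip() for r in (m["runas"] or "").split(",") if r.strip()]
    if any(":" in r for r in runas):
        raise ValueError("runas groups are not handled here")
    cmds, options = m["cmds"].strip(), []
    if cmds.startswith("NOPASSWD:"):
        # The NOPASSWD tag is expressed as a negated sudoOption in LDAP.
        options.append("!authenticate")
        cmds = cmds[len("NOPASSWD:"):]
    commands = [c.strip() for c in cmds.split(",") if c.strip()]
    cn = m["who"].lstrip("%")  # entry name is arbitrary; the group name is used here
    out = [f"dn: cn={cn},{base}", "objectClass: top", "objectClass: sudoRole",
           f"cn: {cn}", f"sudoUser: {m['who']}", f"sudoHost: {m['host']}"]
    out += [f"sudoRunAs: {r}" for r in runas]
    out += [f"sudoCommand: {c}" for c in commands]
    out += [f"sudoOption: {o}" for o in options]
    return "\n".join(out)

if __name__ == "__main__":
    # Constructed sample rule for the group discussed in the thread.
    print(container_ldif(), end="\n\n")
    print(rule_to_ldif("%linuxops ALL=(ALL) ALL"))
```
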