So the schema is not part of the Fedora-DS. I will try it and then update my wiki covering this.

2008/9/10 Jonathan Barber <j.barber at dundee.ac.uk>

> On Wed, Sep 10, 2008 at 10:03:32AM +0100, Kashif Ali wrote:
> > If I could get the correct info from getent group
> >
> > which would show the group members, I am sure sudo would work, I am not sure
> > what is involved in getting sudo into ldap and then configuring it. Anyone
> > have a link to howto/wiki?
>
> Just following the sudo ldap readme:
> http://www.gratisoft.us/sudo/readme_ldap.html
>
> got me there.
>
> Basically you have to import the sudo schema (which I got from converting
> the openldap schema supplied with the source RPM via the
> ol-schema-migrate.pl script), create an entry to put your sudo config
> under, import your sudo config, and then configure /etc/ldap.conf to
> point at that entry.
>
> > 2008/9/10 Jonathan Barber <j.barber at dundee.ac.uk>
> >
> > > On Tue, Sep 09, 2008 at 10:42:26PM +0100, Malcolm Amir Hussain-Gambles
> > > wrote:
> > > > Redhat sudo doesn't support ldap, recompile it with ldap support and add
> > > > the sudoers base to /etc/ldap.conf and it should work then, annoying!
> > >
> > > I don't know about RHEL5, but centos 5.2 does:
> > >
> > > [root@pirez ~]# rpm -q centos-release
> > > centos-release-5-2.el5.centos
> > > [root@pirez ~]# rpm -q sudo
> > > sudo-1.6.8p12-12.el5
> > > [root@pirez ~]# ldd $(type -p sudo) | grep ldap
> > >         libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00762000)
> > >
> > > And I believe it's been present for all the 5.0 series.
> > >
> > > > Cheers
> > > >
> > > > Malcolm
> > > >
> > > > On Tue, 2008-09-09 at 21:39 +0100, Kashif Ali wrote:
> > > > > Hello all,
> > > > >
> > > > > I have successfully set up FDS on Centos 5.2, and managed to get users
> > > > > signing on without any issues. However if I edit the sudoers file to
> > > > > allow a group on ldap to use sudo, the sudo command does not see the
> > > > > members of the group or I think the group itself?
> > > > >
> > > > > I have no idea why this is:
> > > > >
> > > > > if I run the command 'id' as the given user you can clearly see the
> > > > > group memberships, however if I do: getent group linuxops I see:
> > > > >
> > > > > linuxops:*:6000:
> > > > >
> > > > > with no members??? however SSHD AllowGroups works? I have configured
> > > > > sshd to only allow members of the linuxops group to login and this
> > > > > works fine? so my question is why is sudo behaving differently?
> > > > >
> > > > > --
> > > > > Fedora-directory-users mailing list
> > > > > Fedora-directory-users at redhat.com
> > > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> > > --
> > > Jonathan Barber
> > > High Performance Computing Analyst
> > > Tel. +44 (0) 1382 386389
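
The steps Jonathan describes (create an entry to hold the sudo config, import a role, point /etc/ldap.conf at it), as an added example that is not part of the original thread. It follows the ou=SUDOers / sudoRole layout of the sudo LDAP README and restricts the role to named commands; dc=example,dc=com, /sbin/service, the bind DN and both function names are assumptions, and the sudo schema is assumed to be imported already.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the LDIF for a sudoers container
# plus one sudoRole for an LDAP group, and the matching /etc/ldap.conf line.
# Assumes the sudo schema (sudoRole, sudoUser, ...) is already imported.

nl='
'

# sudo_ldif BASE_DN GROUP COMMAND...  (function name is hypothetical)
sudo_ldif() {
    [ "$#" -ge 3 ] || { echo "usage: sudo_ldif BASE_DN GROUP COMMAND..." >&2; return 1; }
    base_dn=$1 group=$2
    shift 2
    # Refuse values that could smuggle extra LDIF lines or attributes in.
    case $group in
        ''|*[!A-Za-z0-9_.-]*) echo "bad group name" >&2; return 1 ;;
    esac
    case $base_dn in
        ''|*"$nl"*) echo "bad base DN" >&2; return 1 ;;
    esac
    for cmd in "$@"; do
        case $cmd in
            *"$nl"*) echo "bad command" >&2; return 1 ;;
            /*) ;;   # absolute paths only
            *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
        esac
    done
    cat <<EOF
dn: ou=SUDOers,$base_dn
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

dn: cn=$group,ou=SUDOers,$base_dn
objectClass: top
objectClass: sudoRole
cn: $group
sudoUser: %$group
sudoHost: ALL
EOF
    for cmd in "$@"; do printf 'sudoCommand: %s\n' "$cmd"; done
}

# Line for /etc/ldap.conf so sudo knows where to search (name is hypothetical).
sudoers_base_line() {
    printf 'sudoers_base ou=SUDOers,%s\n' "$1"
}

# Typical use (constructed values; bind DN is an assumption):
#   sudo_ldif dc=example,dc=com linuxops /sbin/service > sudo.ldif
#   ldapadd -x -D "cn=Directory Manager" -W -f sudo.ldif
```

After importing, `sudo -l` run as a member of the group shows whether the role is being picked up from the directory.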