Re: pam services under LDAP
On Tuesday, 9 November 2010 00:07:27 Indexer wrote:
> I have had a similar issue on my OpenLDAP setup. I have a posixGroup in
> LDAP, into which I placed a list of users for sudo access, and it never
Works just fine here. Seems your nss setup is broken.
> both full DN, and just the uid or id number of the user in the
> posixGroup don't work.
> Sudo supports some LDAP based configuration from what I understand, but I
> think that is different to what you are trying to achieve in this case.
No, it is what the OP is trying to achieve.
Here is an example with sudo rules in LDAP, applied to groups that only exist
[bgmilne@saturn ~]$ grep bgmilne /etc/passwd
[bgmilne@saturn ~]$ grep bgmilne /etc/group
[bgmilne@saturn ~]$ groups
sysadmins build developers dbas ispservices
[bgmilne@saturn ~]$ sudo -l
User bgmilne may run the following commands on this host:
LDAP Role: BUILD
[bgmilne@saturn ~]$ ldapsearch -LLL -x "(&(objectclass=sudoRole)(cn=BUILD))"
[bgmilne@saturn ~]$ sudo eash
[i] trying 192.168.123.16:5554 ... connected.
Awaiting EAS central server validation ... granted.
All privileged access to this host is audited. Exit your shell if you
do not accept the conditions of privileged access to this host.
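The session above shows the two pieces that have to work together: sudo's LDAP backend finds a sudoRole whose sudoUser names a group, and the group itself is resolved through NSS (getgrouplist/initgroups) rather than /etc/group. The following Python model is an added example, not code from the thread or from the sudo project; it parses a small LDIF of sudoRole entries that I constructed (the cn=BUILD role name is taken from the thread, the DNs, gids, hosts and commands are invented) and matches sudoUser values the way sudoers.ldap(5) documents them: a user name, `#uid`, `%group`, `%#gid` or `ALL`. The group list handed to it stands for what NSS reports for the user; when the LDAP groups are missing from that list, every `%group` rule silently stops matching, which is exactly the "nss setup is broken" symptom diagnosed above.

```python
"""Model of how sudo's LDAP backend matches sudoRole entries to a user.

Added example, not the thread's or sudo's own code. The LDIF below is
constructed for illustration; netgroup (+) matching is deliberately left out.
"""
from dataclasses import dataclass

# Constructed sample LDIF. cn=BUILD mirrors the role shown in the thread;
# DNs, gids, hosts and commands are made up.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: requiretty

dn: cn=BUILD,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: BUILD
sudoUser: %build
sudoHost: ALL
sudoCommand: /usr/bin/rpmbuild
sudoCommand: /usr/bin/mock

dn: cn=DBA,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: DBA
sudoUser: %#5001
sudoHost: db1
sudoCommand: /etc/init.d/postgresql

dn: cn=ADMIN,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: ADMIN
sudoUser: root
sudoUser: #0
sudoHost: ALL
sudoCommand: ALL
"""


@dataclass
class User:
    name: str
    uid: int
    groups: dict  # group name -> gid, as NSS would report them for this user


def parse_ldif(text):
    """Return one dict(attribute -> [values]) per LDIF entry.

    Handles only the subset needed here: no base64 values, no folded lines.
    """
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip(), []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries


def sudo_user_matches(spec, user):
    """Match a single sudoUser value against the user, per sudoers.ldap(5)."""
    if spec == "ALL":
        return True
    if spec.startswith("%#"):          # numeric gid
        return int(spec[2:]) in user.groups.values()
    if spec.startswith("%"):           # Unix group name, resolved through NSS
        return spec[1:] in user.groups
    if spec.startswith("#"):           # numeric uid
        return int(spec[1:]) == user.uid
    if spec.startswith("+"):           # netgroups: not modelled here
        return False
    return spec == user.name           # plain user name


def applicable_roles(entries, user, host):
    """cn of every sudoRole (other than cn=defaults) granting this user
    something on this host, in LDIF order."""
    roles = []
    for e in entries:
        if "sudoRole" not in e.get("objectClass", []) or e.get("cn") == ["defaults"]:
            continue
        if not any(sudo_user_matches(s, user) for s in e.get("sudoUser", [])):
            continue
        hosts = e.get("sudoHost", [])
        if "ALL" not in hosts and host not in hosts:
            continue
        roles.append(e["cn"][0])
    return roles


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    # Same LDAP user seen with a working and with a broken NSS group lookup.
    nss_ok = User("bgmilne", 10001, {"sysadmins": 5000, "build": 5002, "dbas": 5001})
    nss_broken = User("bgmilne", 10001, {})
    print(applicable_roles(entries, nss_ok, "saturn"))      # ['BUILD']
    print(applicable_roles(entries, nss_broken, "saturn"))  # []
```

The useful check for a real host is the same comparison: `getent group build` and `id` must list the LDAP group before any `%build` sudoRole can apply; if they do not, fix nsswitch.conf and the LDAP NSS module first, and only then look at the sudoers LDAP configuration.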