
Re: Issue while Centralizing SUDO with OpenLDAP



On Monday, 16 May 2011 17:38:31 pradyumna dash wrote:
> Hi,
> 
> I am trying to achieve centralizing SUDO, but facing an issue, I
> suspect it's something to do with sudoers.schema. Maybe I am wrong. I
> think somehow the slapd process is not able to read it. Please suggest
> how to fix the issue.

[...]

> t710x02-6:/etc/openldap/schema # ldapadd -f /opt/newsudo.ldif -h
> 127.0.0.1 -D cn=Manager,dc=example,dc=com -W -x
> Enter LDAP Password:
> adding new entry "cn=defaults,ou=SUDOers,dc=example,dc=com"
> 
> ldap_add: Invalid syntax (21)
> 
> additional info: objectClass: value #0 invalid per syntax
> 
> sudoers.ldif
> dn: cn=defaults,ou=SUDOers,dc=example,dc=com
> #objectClass: top
> objectClass: sudoRole
> cn: defaults

Please verify that you have actually included the sudoers.schema in your 
configuration, and that slapd was restarted after that.

You could check that the objectclass exists in your server. In my case:

$ ldapsearch -x -s base -b cn=subschema objectclasses|perl -p0e 's/\n //g' |
grep -i sudo
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entries' 
SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs 
$ sudoOption $ description ) )


Regards,
Buchan
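
The subschema check from the reply above, turned into a pre-flight test for an LDIF file (an added example, not part of the original message and not code from sudo or OpenLDAP). It unfolds the ldapsearch output, collects the objectClass names the server defines, and lists any objectClass in the LDIF that is absent; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not captured from a server.

# Undo LDIF line folding: a line starting with one space continues the previous one.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print the lower-cased NAME(s) of every objectClasses value in a subschema dump.
defined_classes() {
    unfold_ldif | awk 'tolower($1) == "objectclasses:" {
        for (i = 2; i <= NF; i++) if ($i == "NAME") break
        for (i++; i <= NF; i++) {          # one quoted name, or ( several )
            if ($i == "(") continue
            if (substr($i, 1, 1) != "\047") break
            n = $i; gsub("\047", "", n); print tolower(n)
        }
    }'
}

# $1 = subschema dump, $2 = LDIF to add.
# Prints each objectClass value in the LDIF that the dump does not define.
missing_classes() {
    defined=$(defined_classes < "$1")
    unfold_ldif < "$2" |
    awk -F': *' 'tolower($1) == "objectclass" && $2 != "" { print $2 }' |
    while read -r oc; do
        printf '%s\n' "$defined" | grep -qixF -- "$oc" || printf '%s\n' "$oc"
    done
}

# Constructed subschema dump; the fold lands inside the name, which a plain
# grep on the raw output would miss.
sample_subschema() {
    cat <<'EOF'
dn: cn=Subschema
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoR
 ole' DESC 'Sudoer Entries' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost
  $ sudoCommand $ sudoRunAs $ sudoOption $ description ) )
EOF
}

sample_subschema | defined_classes    # prints "top" then "sudorole"

# Against a live server, using the query from the reply:
#   ldapsearch -x -s base -b cn=subschema objectclasses > schema.txt
#   missing_classes schema.txt /opt/newsudo.ldif
```

Empty output from `missing_classes` means every objectClass in the LDIF is known to the server; a line reading `sudoRole` means the schema is not loaded in the running slapd.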