[Date Prev][Date Next] [Chronological] [Thread] [Top]

centralized sudo policies : ACL issue

To: openldap-technical@openldap.org
Subject: centralized sudo policies : ACL issue
From: Olivier <ldap@guillard.nom.fr>
Date: Tue, 3 Apr 2012 16:52:35 +0200

A quite trivial issue I have :

I have installed centralized policy sudo rules in ldap server
(I use "schema.OpenLDAP" from "http://www.sudo.ws"; ).

I also have configured linux clients to check ldap rules to
grant sudo access to certain ressources ( I declared
"sudoers_base" in nslcd.conf and "sudoers:    ldap" in
nsswitch.conf ).

That works, but I'm still not happy :-)

To make it work, I need to authorize reading on the sudoers
DIT branch for user, which I would like to avoid ( BTW, normally
/etc/sudoers is not readable by users ).

Anyone knows any way to remove sudo rules reading rights
to usual users while having rules working for everyone ( I was
thinking about an ldap proxy user used to read sudo rules in
ldap, but I haven't found how to declare it ) ?

Thanks,

---
Olivier

Follow-Ups:
- Re: centralized sudo policies : ACL issue
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: openldap proxy to AD
Next by Date: Re: Convert *.schema to *.ldif
Index(es):
- Chronological
- Thread