===Intro===
For a (short) while now, sudo has had LDAP support, which allows a global sudoers policy to be stored in an LDAP directory.

**Note:** The LDAP support doesn't require the use of *_Alias.

===Build===
Just add the --with-ldap option to configure.

===Config===
Edit the file /etc/ldap.conf (default) so that it looks something like this:

  host ldap.asyd.net
  port 389
  sudoers_base ou=Sudo,dc=asyd,dc=net
  # sudoers_debug 2

===LDAP===
Here are some sample entries:

  dn: cn=defaults,ou=sudo,dc=asyd,dc=net
  objectClass: top
  objectClass: sudoRole
  cn: defaults
  description: Default sudoOption's go here

  dn: cn=root,ou=sudo,dc=asyd,dc=net
  sudoCommand: ALL
  objectClass: top
  objectClass: sudoRole
  cn: root
  sudoUser: root
  sudoHost: ALL

  dn: cn=%gunixmgr,ou=sudo,dc=asyd,dc=net
  sudoCommand: ALL
  objectClass: top
  objectClass: sudoRole
  cn: %gunixmgr
  sudoUser: %gunixmgr
  sudoHost: ALL

  dn: cn=%gunixdba+sudoRunAs=oracle,ou=sudo,dc=asyd,dc=net
  cn: %gunixdba
  sudoRunAs: oracle
  sudoCommand: ALL
  objectClass: top
  objectClass: sudoRole
  sudoUser: %gunixdba
  sudoHost: ALL
  sudoOption: !authenticate

  dn: cn=oracle,ou=sudo,dc=asyd,dc=net
  sudoCommand: /usr/bin/vi /etc/init.d/oracle
  sudoCommand: /etc/init.d/snmpd
  objectClass: top
  objectClass: sudoRole
  cn: oracle
  sudoUser: oracle
  sudoHost: ALL