
asyd.net

Welcome to Bruno Bonfils's (aka asyd) homepage.

Intro

For a (short) while now, sudo has had LDAP support, which allows a global sudoers policy to be stored in an LDAP directory.

Note: the LDAP support doesn't require the use of *_Alias.

Build

Just add the --with-ldap option to configure.

Config

Edit the file /etc/ldap.conf (the default) so that it looks something like this:

host             ldap.asyd.net
port             389
sudoers_base     ou=Sudo,dc=asyd,dc=net
# sudoers_debug   2

LDAP

Here are some sample entries:

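# Global defaults: sudoOption values placed here apply to every role.
dn: cn=defaults,ou=sudo,dc=asyd,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here

# root may run any command on any host.
dn: cn=root,ou=sudo,dc=asyd,dc=net
sudoCommand: ALL
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL

# Members of the gunixmgr group may run any command on any host.
dn: cn=%gunixmgr,ou=sudo,dc=asyd,dc=net
sudoCommand: ALL
objectClass: top
objectClass: sudoRole
cn: %gunixmgr
sudoUser: %gunixmgr
sudoHost: ALL

# Members of the gunixdba group may run any command as oracle.
# !authenticate means sudo does not prompt them for a password.
dn: cn=%gunixdba+sudoRunAs=oracle,ou=sudo,dc=asyd,dc=net
cn: %gunixdba
sudoRunAs: oracle
sudoCommand: ALL
objectClass: top
objectClass: sudoRole
sudoUser: %gunixdba
sudoHost: ALL
sudoOption: !authenticate

# The oracle user may run only the two commands listed.
# Note: vi can start a shell, so the first command is broader than it looks;
# sudoedit is the usual way to grant editing of a single file.
dn: cn=oracle,ou=sudo,dc=asyd,dc=net
sudoCommand: /usr/bin/vi /etc/init.d/oracle
sudoCommand: /etc/init.d/snmpd
objectClass: top
objectClass: sudoRole
cn: oracle
sudoUser: oracle
sudoHost: ALL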
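
A small audit over entries like the ones above, added here as an example (it is not code from the original page or from the sudo project): it parses LDIF and flags sudoRole entries that skip the password prompt, allow ALL commands, or run a program that can start a shell. The function names and the SHELL_ESCAPE list are assumptions made for illustration, and base64 ("::") values are not handled.

```python
SHELL_ESCAPE = {"vi", "vim", "less", "more", "ed"}  # assumption: illustrative list

# Constructed sample: two sudoRole entries from the page ("objectClass: top" omitted).
SAMPLE_LDIF = """\
dn: cn=%gunixdba+sudoRunAs=oracle,ou=sudo,dc=asyd,dc=net
cn: %gunixdba
sudoRunAs: oracle
sudoCommand: ALL
objectClass: sudoRole
sudoUser: %gunixdba
sudoHost: ALL
sudoOption: !authenticate

dn: cn=oracle,ou=sudo,dc=asyd,dc=net
sudoCommand: /usr/bin/vi /etc/init.d/oracle
sudoCommand: /etc/init.d/snmpd
objectClass: sudoRole
cn: oracle
sudoUser: oracle
sudoHost: ALL
"""

def parse_ldif(text):
    """Return a list of {attribute: [values]} dicts, one per LDIF entry."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:      # folded continuation line
            cur[last][-1] += line[1:]
        elif not line.strip():                 # a truly blank line ends the entry
            entries, cur, last = entries + ([cur] if cur else []), {}, None
        elif not line.startswith("#"):         # skip LDIF comments
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            cur.setdefault(last, []).append(value.strip())
    return entries

def audit(entries):
    """Return (cn, finding) pairs for sudoRole entries that deserve a review."""
    findings = []
    for e in (e for e in entries if "sudoRole" in e.get("objectclass", [])):
        # sudo runs commands as root unless the role names another user.
        cn, runas = e["cn"][0], e.get("sudorunas", ["root"])[0]
        if "!authenticate" in e.get("sudooption", []):
            findings.append((cn, "no password prompt"))
        for cmd in e.get("sudocommand", []):
            if cmd == "ALL":
                findings.append((cn, f"any command as {runas}"))
            elif cmd.split()[0].rsplit("/", 1)[-1] in SHELL_ESCAPE:
                findings.append((cn, f"program can start a shell as {runas}: {cmd}"))
    return findings
```

Calling audit(parse_ldif(SAMPLE_LDIF)) returns the findings as a list, suitable for a periodic review of the ou=sudo subtree exported with ldapsearch.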