runas_default= not working as expected. Dropping to root.
runas_default= not working as expected. Dropping to root.
- From: arjen [at] itcloud.nl
- To: <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: runas_default= not working as expected. Dropping to root.
- Date: Wed, 27 Jul 2011 13:40:57 +0200
Hello,
I'm running Debian squeeze and getting unexpected results when running
'sudo -i': I expected a bash shell running as the configured
runas_default=tomcat, but instead I receive a shell running as root.
If someone could point out my error, I would gladly appreciate it.
Arjen.
libnss-ldapd 0.7.13
libpam-ldapd 0.7.13
sudo-ldap 1.7.4p4-2.squeeze.2
------
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://127.0.0.1/
# The search base that will be used for all queries.
base dc=base,dc=nl
# The LDAP protocol version to use.
ldap_version 3
# The DN to bind with for normal lookups.
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
timelimit 20
idle_timelimit 300
# SSL options
ssl start_tls
tls_reqcert never
# The search scope.
#scope sub
------
------
root@node1:~# nslcd -d
nslcd: DEBUG: add_uri(ldap://127.0.0.1/)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,0)
nslcd: version 0.7.13 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No
such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(111) done
nslcd: DEBUG: setuid(107) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [8b4567] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_start_tls_s()
nslcd: [8b4567] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [8b4567] DEBUG: ldap_result(): end of results
nslcd: [7b23c6] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [7b23c6] DEBUG: nslcd_group_bymember(johndoe)
nslcd: [7b23c6] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_start_tls_s()
nslcd: [7b23c6] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [7b23c6] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(|(memberUid=johndoe)(uniqueMember=uid=johndoe,ou=People,dc=base,dc=nl)))")
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [3c9869] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [3c9869] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_start_tls_s()
nslcd: [3c9869] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [334873] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [334873] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [334873] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_start_tls_s()
nslcd: [334873] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [334873] DEBUG: ldap_result(): end of results
nslcd: [b0dc51] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [b0dc51] DEBUG: nslcd_pam_authc("johndoe","","sshd","***")
nslcd: [b0dc51] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] DEBUG:
ldap_simple_bind_s("cn=client,ou=ldap,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [b0dc51] DEBUG:
myldap_search(base="uid=johndoe,ou=People,dc=base,dc=nl",
filter="(objectClass=posixAccount)")
nslcd: [b0dc51] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,20)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_start_tls_s()
nslcd: [b0dc51] DEBUG:
ldap_simple_bind_s("uid=johndoe,ou=People,dc=base,dc=nl","***")
(uri="ldap://127.0.0.1/")
nslcd: [b0dc51] DEBUG: ldap_unbind()
nslcd: [b0dc51] DEBUG: bind successful
nslcd: [495cff] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [495cff] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [495cff] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [495cff] DEBUG: ldap_result(): end of results
nslcd: [e8944a] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [e8944a] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e8944a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e8944a] DEBUG: ldap_result(): end of results
nslcd: [5558ec] DEBUG: connection from pid=27546 uid=0 gid=0
nslcd: [5558ec] DEBUG:
nslcd_pam_authz("johndoe","uid=johndoe,ou=People,dc=base,dc=nl","sshd","","johndoe.office.fake.nl","ssh")
nslcd: [8e1f29] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [8e1f29] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [8e1f29] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [8e1f29] DEBUG: ldap_result(): end of results
nslcd: [e87ccd] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [e87ccd] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e87ccd] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e87ccd] DEBUG: ldap_result(): end of results
nslcd: [1b58ba] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [1b58ba] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [1b58ba] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [1b58ba] DEBUG: ldap_result(): end of results
nslcd: [7ed7ab] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [7ed7ab] DEBUG:
nslcd_pam_sess_o("johndoe","","sshd","ssh","johndoe.office.fake.nl","")
nslcd: [b141f2] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [b141f2] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [b141f2] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b141f2] DEBUG: ldap_result(): end of results
nslcd: [b71efb] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [b71efb] DEBUG: nslcd_group_bymember(johndoe)
nslcd: [b71efb] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [b71efb] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(|(memberUid=johndoe)(uniqueMember=uid=johndoe,ou=People,dc=base,dc=nl)))")
nslcd: [b71efb] DEBUG: ldap_result(): end of results
nslcd: [e2a9e3] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [e2a9e3] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [e2a9e3] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [e2a9e3] DEBUG: ldap_result(): end of results
nslcd: [45e146] DEBUG: connection from pid=27547 uid=0 gid=100
nslcd: [45e146] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [45e146] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [45e146] DEBUG: ldap_result(): end of results
nslcd: [5f007c] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [5f007c] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [5f007c] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [5f007c] DEBUG: ldap_result(): end of results
nslcd: [d062c2] DEBUG: connection from pid=27544 uid=0 gid=0
nslcd: [d062c2] DEBUG: nslcd_passwd_byname(johndoe)
nslcd: [d062c2] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=johndoe))")
nslcd: [d062c2] DEBUG: ldap_result(): end of results
nslcd: [200854] DEBUG: connection from pid=27548 uid=5060 gid=100
nslcd: [200854] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [200854] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [200854] DEBUG: ldap_result(): end of results
nslcd: [b127f8] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [b127f8] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [b127f8] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [b127f8] DEBUG: ldap_result(): end of results
nslcd: [16231b] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [16231b] DEBUG: nslcd_group_bygid(3005)
nslcd: [16231b] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(gidNumber=3005))")
nslcd: [16231b] DEBUG: ldap_result(): end of results
nslcd: [16e9e8] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [16e9e8] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [16e9e8] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [16e9e8] DEBUG: ldap_result(): end of results
nslcd: [90cde7] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [90cde7] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [90cde7] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [90cde7] error writing to client: Broken pipe
nslcd: [ef438d] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [ef438d] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [ef438d] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [ef438d] DEBUG: ldap_result(): end of results
nslcd: [0e0f76] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [0e0f76] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [0e0f76] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [0e0f76] error writing to client: Broken pipe
nslcd: [52255a] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [52255a] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [52255a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [52255a] DEBUG: ldap_result(): end of results
nslcd: [9cf92e] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [9cf92e] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [9cf92e] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [9cf92e] error writing to client: Broken pipe
nslcd: [ed7263] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [ed7263] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [ed7263] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [ed7263] DEBUG: ldap_result(): end of results
nslcd: [dcc233] DEBUG: connection from pid=27551 uid=0 gid=100
nslcd: [dcc233] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [dcc233] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [dcc233] error writing to client: Broken pipe
nslcd: [efd79f] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [efd79f] DEBUG: nslcd_passwd_byuid(5060)
nslcd: [efd79f] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uidNumber=5060))")
nslcd: [efd79f] DEBUG: ldap_result(): end of results
nslcd: [a7c4c9] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [a7c4c9] DEBUG: nslcd_group_bymember(root)
nslcd: [a7c4c9] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixAccount)(uid=root))")
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results
nslcd: [a7c4c9] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(memberUid=root))")
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results
nslcd: [68079a] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [68079a] DEBUG: nslcd_group_bygid(3005)
nslcd: [68079a] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=posixGroup)(gidNumber=3005))")
nslcd: [68079a] DEBUG: ldap_result(): end of results
nslcd: [6afb66] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [6afb66] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [6afb66] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [6afb66] DEBUG: ldap_result(): end of results
nslcd: [e45d32] DEBUG: connection from pid=27552 uid=0 gid=100
nslcd: [e45d32] DEBUG: nslcd_netgroup_byname(rw_development)
nslcd: [e45d32] DEBUG: myldap_search(base="dc=base,dc=nl",
filter="(&(objectClass=nisNetgroup)(cn=rw_development))")
nslcd: [e45d32] DEBUG: ldap_result(): end of results
^Cnslcd: [a7c4c9] DEBUG: ldap_unbind()
nslcd: [6afb66] DEBUG: ldap_unbind()
nslcd: [68079a] DEBUG: ldap_unbind()
nslcd: [e45d32] DEBUG: ldap_unbind()
nslcd: [efd79f] DEBUG: ldap_unbind()
nslcd: caught signal SIGINT (2), shutting down
nslcd: version 0.7.13 bailing out
root@node1:~#
------
------
johndoe@node1:/$ sudo -l
LDAP Config Summary
===================
uri ldap://127.0.0.1/
ldap_version 3
sudoers_base ou=sudoers,dc=base,dc=nl
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
bind_timelimit 2000
ssl (no)
tls_checkpeer (no)
===================
sudo: ldap_initialize(ld, ldap://127.0.0.1/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 2)
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoOption: 'authenticate'
sudo: ldap sudoOption: 'syslog=auth'
sudo: ldap sudoOption: 'insults'
sudo: ldap sudoOption: '!mail_no_user'
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoOption: '!authenticate'
sudo: ldap sudoOption: 'runas_default=tomcat'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(52)=0x82
Matching Defaults entries for johndoe on this host:
env_reset, authenticate, syslog=auth, insults, !mail_no_user
sudo: ldap search
'(|(sudoUser=johndoe)(sudoUser=%users)(sudoUser=%rw_development)(sudoUser=ALL))'
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoHost 'linux14' ... not
sudo: ldap search 'sudoUser=+*'
User johndoe may run the following commands on this host:
(root) NOPASSWD: /bin/bash
(root) NOPASSWD: /usr/bin/ngrep *, /bin/kill *, /etc/init.d/tomcat
*,
(root) NOPASSWD: /bin/chown tomcat *, /bin/chown -R tomcat *,
johndoe@node1:/$ sudo -i
LDAP Config Summary
===================
uri ldap://127.0.0.1/
ldap_version 3
sudoers_base ou=sudoers,dc=base,dc=nl
binddn cn=client,ou=ldap,dc=base,dc=nl
bindpw changethis
bind_timelimit 2000
ssl (no)
tls_checkpeer (no)
===================
sudo: ldap_initialize(ld, ldap://127.0.0.1/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 2)
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoOption: 'authenticate'
sudo: ldap sudoOption: 'syslog=auth'
sudo: ldap sudoOption: 'insults'
sudo: ldap sudoOption: '!mail_no_user'
sudo: ldap search
'(|(sudoUser=johndoe)(sudoUser=%users)(sudoUser=%rw_development)(sudoUser=ALL))'
sudo: found:cn=full_batch_access,ou=sudoers,dc=base,dc=nl
sudo: ldap sudoHost '+rw_development' ... MATCH!
sudo: ldap sudoCommand '/bin/bash' ... MATCH!
sudo: Command allowed
sudo: ldap sudoOption: '!authenticate'
sudo: ldap sudoOption: 'runas_default=tomcat'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(0)=0x02
root@node1:~#
------