RSS feed

Re: unknown keyword sudoers_base

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: unknown keyword sudoers_base

In lieu of having your sudoers config in LDAP, putting this into nsswitch.conf 
should work:

sudoers: files ldap

Works for me on Ubuntu 10.x/11.x/12.x, and CentOS 5/5.5.


Arthur de Jong wrote:
> On Fri, 2012-12-28 at 02:28 -0500, Subu Ayyagari wrote:
>> Does nslcd support sudo ( rhel6) ?
> Currently not. The sudo-ldap package doesn't use nslcd but an own
> implementation of LDAP lookups. It shouldn't use nslcd.conf.
>> 1) Adding "sudoers_base   ou=sudo,dc=example,dc=com" in nslcd.conf
>>     complains that it is unknown keyword.
>> 2) Not putting that line, complains "no valid sudoers sources found".
> It is weird that sudo is parsing nslcd.conf for some reason. It should
> probably be looking at /etc/ldap.conf or something similar. Perhaps some
> file is incorrectly symlinked to nslcd.conf.
>> Seen hacks of adding the line after nslcd starts.....but it does not
>> sound right/production quality !!
> I wouldn't recommend this because if you end up restarting nslcd it will
> bail out. If you really want this you could recompile nslcd with the
> --disable-configfile-checking configure setting but this will also mean
> that any typo's in nslcd.conf will no longer be detected.
To unsubscribe send an email to or see