Re: unknown keyword sudoers_base
- From: Ryan Steele <ryans [at] aweber.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: unknown keyword sudoers_base
- Date: Fri, 28 Dec 2012 08:52:16 -0500
In lieu of having your sudoers config in LDAP, putting this into nsswitch.conf
should work:
    sudoers: files ldap
Works for me on Ubuntu 10.x/11.x/12.x, and CentOS 5/5.5.
HTH,
Ryan
Arthur de Jong wrote:
> On Fri, 2012-12-28 at 02:28 -0500, Subu Ayyagari wrote:
>> Does nslcd support sudo (rhel6)?
>
> Currently not. The sudo-ldap package doesn't use nslcd but its own
> implementation of LDAP lookups. It shouldn't use nslcd.conf.
>
>> 1) Adding "sudoers_base ou=sudo,dc=example,dc=com" in nslcd.conf
>> complains that it is unknown keyword.
>>
>>
>> 2) Not putting that line, complains "no valid sudoers sources found".
>
> It is weird that sudo is parsing nslcd.conf for some reason. It should
> probably be looking at /etc/ldap.conf or something similar. Perhaps some
> file is incorrectly symlinked to nslcd.conf.
>
>> Seen hacks of adding the line after nslcd starts.....but it does not
>> sound right/production quality !!
>
> I wouldn't recommend this because if you end up restarting nslcd it will
> bail out. If you really want this you could recompile nslcd with the
> --disable-configfile-checking configure setting but this will also mean
> that any typos in nslcd.conf will no longer be detected.
>
>
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
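
The two checks discussed in this thread (whether some LDAP config file is really nslcd.conf behind a link, and which sources the `sudoers:` line in nsswitch.conf names) can be scripted. This is an added example, not part of the original messages; the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose why sudo might end up parsing nslcd.conf.

# Print each candidate path that is the same file as the target,
# whether through a symlink chain or a hard link.
same_file_as() {
    target=$1; shift
    for f in "$@"; do
        [ -e "$f" ] || continue          # skip candidates that do not exist
        if [ "$f" -ef "$target" ]; then  # same device and inode
            printf '%s\n' "$f"
        fi
    done
}

# Print the sources on the "sudoers:" line of an nsswitch.conf-style
# file, with comments stripped and whitespace normalised.
sudoers_sources() {
    awk '{ sub(/#.*/, "") }
         sub(/^[ \t]*sudoers:[ \t]*/, "") { $1 = $1; print }' "$1"
}

# Constructed sample layout in a temporary directory (runs offline).
demo_dir=$(mktemp -d)
: > "$demo_dir/nslcd.conf"
ln -s nslcd.conf "$demo_dir/ldap.conf"       # the suspected bad symlink
printf 'passwd: files ldap\nsudoers: files ldap\n' > "$demo_dir/nsswitch.conf"

echo "Files that are really nslcd.conf:"
same_file_as "$demo_dir/nslcd.conf" "$demo_dir/ldap.conf"
echo "sudoers sources: $(sudoers_sources "$demo_dir/nsswitch.conf")"
rm -rf "$demo_dir"
```

On a real host, pass the actual nslcd.conf path as the first argument and the LDAP config files sudo could be reading as the remaining ones.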