RSS feed

RE: unknown keyword sudoers_base

[Date Prev][Date Next] [Thread Prev][Thread Next]

RE: unknown keyword sudoers_base

It seems as of sudo-1.7.4p5-11 the bug is fixed, it now uses 
/etc/sudo-ldap.conf, so put your "sudoers_base" line 
/etc/sudo-ldap.conf and obviously have you nsswitch.conf updated as mentioned 
 On Behalf Of Arthur de Jong []
Sent: Friday, December 28, 2012 8:44 AM
Subject: Re: unknown keyword sudoers_base

On Fri, 2012-12-28 at 02:28 -0500, Subu Ayyagari wrote:
> Does nslcd support sudo ( rhel6) ?

Currently not. The sudo-ldap package doesn't use nslcd but an own
implementation of LDAP lookups. It shouldn't use nslcd.conf.

> 1) Adding "sudoers_base   ou=sudo,dc=example,dc=com" in nslcd.conf
>     complains that it is unknown keyword.
> 2) Not putting that line, complains "no valid sudoers sources found".

It is weird that sudo is parsing nslcd.conf for some reason. It should
probably be looking at /etc/ldap.conf or something similar. Perhaps some
file is incorrectly symlinked to nslcd.conf.

> Seen hacks of adding the line after nslcd starts.....but it does not
> sound right/production quality !!

I wouldn't recommend this because if you end up restarting nslcd it will
bail out. If you really want this you could recompile nslcd with the
--disable-configfile-checking configure setting but this will also mean
that any typo's in nslcd.conf will no longer be detected.

-- arthur - - --
To unsubscribe send an email to or see