RE: unknown keyword sudoers_base

It seems as of sudo-1.7.4p5-11 the bug is fixed, it now uses
/etc/sudo-ldap.conf, so put your "sudoers_base" line in
/etc/sudo-ldap.conf and obviously have your nsswitch.conf updated as mentioned
earlier.
________________________________________
From: nss-pam-ldapd-users-bounces+vicente.sotomayor=state.ma.us@lists.arthurdejong.org
[nss-pam-ldapd-users-bounces+vicente.sotomayor=state.ma.us@lists.arthurdejong.org]
On Behalf Of Arthur de Jong [arthur@arthurdejong.org]
Sent: Friday, December 28, 2012 8:44 AM
To: nss-pam-ldapd-users@lists.arthurdejong.org
Subject: Re: unknown keyword sudoers_base

On Fri, 2012-12-28 at 02:28 -0500, Subu Ayyagari wrote:
> Does nslcd support sudo ( rhel6) ?

Currently not. The sudo-ldap package doesn't use nslcd but its own
implementation of LDAP lookups. It shouldn't use nslcd.conf.

> 1) Adding "sudoers_base   ou=sudo,dc=example,dc=com" in nslcd.conf
>     complains that it is unknown keyword.
>
>
> 2) Not putting that line, complains "no valid sudoers sources found".

It is weird that sudo is parsing nslcd.conf for some reason. It should
probably be looking at /etc/ldap.conf or something similar. Perhaps some
file is incorrectly symlinked to nslcd.conf.

> Seen hacks of adding the line after nslcd starts.....but it does not
> sound right/production quality !!

I wouldn't recommend this because if you end up restarting nslcd it will
bail out. If you really want this you could recompile nslcd with the
--disable-configfile-checking configure setting but this will also mean
that any typos in nslcd.conf will no longer be detected.

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
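
A check for the file layout this thread arrives at, as an added example that is not part of the original messages or of nss-pam-ldapd: it confirms that sudoers_base is absent from nslcd.conf, present in /etc/sudo-ldap.conf, and that the sudoers: line of nsswitch.conf lists ldap. The function names and the argument order are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): audit where sudo's LDAP settings live.
# File paths are arguments so the check can also run against copies.

# Print active (uncommented) lines of file $2 whose first word is keyword $1.
active_lines() {
    awk -v k="$1" 'tolower($1) == k' "$2" 2>/dev/null
}

# Print the sources listed on the "sudoers:" line of an nsswitch.conf file.
sudoers_sources() {
    sed 's/#.*//' "$1" 2>/dev/null |
        awk -F: '$1 ~ /^[ \t]*sudoers[ \t]*$/ { print $2 }'
}

# Usage: check_sudo_ldap NSLCD_CONF SUDO_LDAP_CONF NSSWITCH_CONF
# Returns 0 when all three files match the layout from the thread.
check_sudo_ldap() {
    rc=0
    # nslcd rejects keywords it does not know, so the line must not be here.
    if [ -n "$(active_lines sudoers_base "$1")" ]; then
        echo "FAIL: sudoers_base is set in $1; nslcd will reject it"
        rc=1
    fi
    # sudo's own LDAP code reads its search base from this file.
    if [ -z "$(active_lines sudoers_base "$2")" ]; then
        echo "FAIL: no active sudoers_base line in $2"
        rc=1
    fi
    # Without ldap on the sudoers: line, sudo never queries the directory.
    if ! sudoers_sources "$3" | grep -qw ldap; then
        echo "FAIL: no 'sudoers:' line listing ldap in $3"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: sudo LDAP settings are in the expected files"
    fi
    return "$rc"
}

# Run against real files only when three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    check_sudo_ldap "$@"
fi
```

Run it as `sh check.sh /etc/nslcd.conf /etc/sudo-ldap.conf /etc/nsswitch.conf` before restarting nslcd, so a misplaced sudoers_base line is caught before the daemon bails out on it.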