Sudo LDAP was working for me with 1.9.14.p3, but broke with 1.9.15 on my setup and I haven't been able to determine why.
When I do sudo -ll with SUDOERS_DEBUG 2 in 1.9.14.p3 I get LDAP debug output indicating the correct things are happening, but with 1.9.15 there's no LDAP debug output at all. I simply get a password prompt followed by "not in sudoers file" and no indication LDAP is being queried. Reverting to 1.9.14.p3 restores the expected behavior.
I'm not sure if this is an Arch packaging issue, sudo regression, or config issue on my end. Here are my relevant configs and LDAP objects. Please let me know if more info is needed to diagnose.
/etc/nsswitch.conf:
# ...
sudoers: files ldap
# ...
(I tried swapping ldap and files but same result, and I prefer it checks local first anyway.)
/etc/sudo.conf:
(That's the entirety of sudo.conf and I must admit I don't fully understand it but it worked for me in < 1.9.15.)
/etc/openldap/ldap.conf:
URI ldapi://%2frun%2fopenldap%2fslapd.sock
BASE o=home
ROOTBINDDN cn=sudo,ou=roles,o=home
SUDOERS_BASE o=home
SUDOERS_DEBUG 2
(Perhaps sudo is looking for ldap.conf in a different place now? I'm not sure how to figure out where it checks but if that's the case it could be a packaging issue...)
LDAP Sudo Role:
dn: cn=super-sudo,ou=sudoers,o=home
objectClass: sudoRole
cn: super-sudo
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsGroup: ALL
sudoRunAsUser: ALL
sudoUser: %super-sudo
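Added example, not from the issue or the sudo project: a small Python model of how the sudoRole above is matched once the "ldap" source from the nsswitch.conf sudoers line is actually consulted (a member of group super-sudo on any host is granted, and "!authenticate" means no password prompt). The LDIF text is a constructed copy of the object above; user, group and host names used with it are constructed.

```python
# Constructed copy of the sudoRole object from the report (LDIF text).
SUDO_ROLE_LDIF = """\
dn: cn=super-sudo,ou=sudoers,o=home
objectClass: sudoRole
cn: super-sudo
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsGroup: ALL
sudoRunAsUser: ALL
sudoUser: %super-sudo
"""

def parse_ldif(text):
    """Parse one LDIF record into {attribute: [values]} (attributes may repeat)."""
    rec = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        rec.setdefault(attr.strip(), []).append(value.strip())
    return rec

def sudoers_sources(nsswitch_text):
    """Ordered sudoers sources from nsswitch.conf; sudo defaults to 'files' if absent."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("sudoers:"):
            return line.split(":", 1)[1].split()
    return ["files"]

def user_matches(spec, user, groups):
    """sudoUser semantics: ALL, %group (Unix group membership) or a user name."""
    if spec == "ALL":
        return True
    if spec.startswith("%"):
        return spec[1:] in groups
    return spec == user

def role_allows(role, user, groups, host):
    """Return (allowed, password_required) for this role, user, groups and host."""
    if not any(user_matches(s, user, groups) for s in role.get("sudoUser", [])):
        return False, True
    if not any(h in ("ALL", host) for h in role.get("sudoHost", [])):
        return False, True
    # sudoOption "!authenticate" disables the password prompt for matching users.
    return True, "!authenticate" not in role.get("sudoOption", [])
```

If the model says the role should match but sudo still reports "not in sudoers file", the ldap source is not being reached, which is what the missing SUDOERS_DEBUG output in the report suggests.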