Results 1 to 1 of 1

Thread: sudoers won't talk to LDAP

  1. #1
    Join Date
    Nov 2008
    Beans
    100

    Post sudoers won't talk to LDAP

    Hello Ubuntu

    On our network we have our sudoers stored in LDAP. This works fine on the CentOS 5.4 clients by placing into /etc/ldap.conf

    Code:
    sudoers_base ou=sudoers,ou=Services,dc=example,dc=net
    and in /etc/nsswitch.conf we have the entry:

    Code:
    sudoers: ldap
    (setting this setting to just 'ldap' instead of 'files ldap' does not render the machine unbootable as happens if you set passwd and group this way).

    However I am attempting to set this up on an Ubuntu 9.10 client and getting no joy so far. I have the same settings in /etc/ldap.conf and /etc/nsswitch.conf and cannot get sudoers to work.

    On the Ubuntu box, I can get LDAP entries by typing in getent passwd | grep ldapAccount, however when you attempt to sudo it fails:

    Code:
    bluethundr@ubuntu3:~$ sudo bash
    >>> /etc/sudoers: syntax error near line 0 <<<
    sudo: parse error in /etc/sudoers near line 0
    sudo: no valid sudoers sources found, quitting
    We leave our sudoers file blank intentionally in order to manage this via LDAP. Again, this problem is ONLY happening under Ubuntu and not under Centos 5.4.

    The only real difference that I see between the two clients is the sudo version. Could it be that under ubuntu LDAP sudo support isn't compiled in? if so how to recompile it so that it does?

    CentOS 5.4 sudo version:
    Code:
    [root@ldap2 ~]# sudo -V
    Sudo version 1.7.2p1
    Ubuntu 9.10 sudo version:

    Code:
    root@ubuntu3:~# sudo -V
    Sudo version 1.7.0

    Code:
    [root@ldap2 ~]# sudo -V
    Sudo version 1.7.2p1
    And here are the linkages:

    CentOS 5.4:

    Code:
    [root@ldap2 ~]# ldd $(which sudo)
    	libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaaacc8000)
    	libcap.so.1 => /lib64/libcap.so.1 (0x00002aaaaaee0000)
    	libpam.so.0 => /lib64/libpam.so.0 (0x00002aaaab0e4000)
    	libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaab2f0000)
    	libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x00002aaaab4f4000)
    	libc.so.6 => /lib64/libc.so.6 (0x00002aaaab72e000)
    	libaudit.so.0 => /lib64/libaudit.so.0 (0x00002aaaaba86000)
    	liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x00002aaaabc9e000)
    	libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaabeac000)
    	/lib64/ld-linux-x86-64.so.2 (0x00002aaaaaaab000)
    	libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaac0f3000)
    	libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002aaaac308000)
    	libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaac521000)
    	libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaac76e000)
    	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaaacabf000)
    	libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002aaaaccf7000)
    	libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaacf26000)
    	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaad1bb000)
    	libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaad3bd000)
    	libz.so.1 => /usr/lib64/libz.so.1 (0x00002aaaad5e3000)
    	libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002aaaad7f7000)
    	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaad9ff000)

    Ubuntu 9.10
    Code:
    bluethundr@ubuntu3:~$ ldd $(which sudo)
    	linux-gate.so.1 =>  (0x00914000)
    	libpam.so.0 => /lib/libpam.so.0 (0x00753000)
    	libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x00223000)
    	libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00fa1000)
    	libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x004f1000)
    	liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00f35000)
    	/lib/ld-linux.so.2 (0x00d75000)
    	libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0x00345000)
    	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x008d0000)
    	libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00b77000)
    	libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0x002e3000)
    	libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x001df000)
    	libz.so.1 => /lib/libz.so.1 (0x007d6000)
    	libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x003f3000)
    	libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00110000)

    Thanks for any input you may have!
    Attached Files Attached Files
    Last edited by bluethundr; November 19th, 2010 at 07:16 PM. Reason: refined question

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •