Results 1 to 3 of 3

Thread: How to add an user or a group to sudoers with OpenLDAP

  1. #1
    Join Date
    Sep 2010
    Beans
    20

    How to add an user or a group to sudoers with OpenLDAP

    I followed the following guide to install and configure LDAP for SUDO support on Ubuntu server 12.04
    http://ubuntuforums.org/showthread.php?t=1421998

    My question is how to add an user and a group to sudoers?

    Thanks,

    Alex
    Last edited by webappl; October 30th, 2013 at 01:18 AM.

  2. #2
    Join Date
    Nov 2008
    Location
    Storybrooke
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: How to add an user or a group to sudoers with OpenLDAP

    Quote Originally Posted by webappl View Post
    I followed the following guide to install and configure LDAP for SUDO support on Ubuntu server 12.04
    http://ubuntuforums.org/showthread.php?t=1421998

    My question is how to add an user and a group to sudoers?

    Thanks,

    Alex
    Is the group using the PosixGroup or GroupOfNames objectclass

    If you are using posixGroup, just set the group name in the sudoers file

    Code:
    root@stargirl-bx2:~# id kathryn
    uid=1001(kathryn) gid=502(global_administrators) groups=501(webhosting),502(global_administrators),504(gameserver_admins),506(gameserver_super_admins),507(redmine-108),508(mysql-109),509(webserver-114)
    Take the group name (in this case, global_administrators), and put it in /etc/sudoers
    Code:
    %global_administrators ALL=(ALL:ALL) ALL
    Ubuntu Forums Moderation Staff
    Okay then. We're relying on mirror dust and fairies but now we have a plan which is progress - Emma

  3. #3
    Join Date
    Sep 2010
    Beans
    20

    Re: How to add an user or a group to sudoers with OpenLDAP

    Thanks for you reply Sandyd.

    I found a simple solution. When configuring sudo-ldap according to the guide in my first post, an entry with cn=%admin,ou=SUDOers,... has been added to the LDAP schema, which states that any user within group 'admin' will be sudoers. So we can simply add a group called 'admin' if it does not exist and then assign the user to admin group.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •