[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 719
  • Last Modified:

ldap with visudo support

Hello

I need to setup ldap for our environment, as we are tired or adding / removing users on each server. therefore ldap will come handy.

I need to know if it is possible to control visudo permissions from ldap? therefore we could alter visudo on one server & it will propagate to other servers.

Thank you
0
atigris
Asked:
atigris
  • 3
  • 2
1 Solution
 
woolmilkporcCommented:
Hi,
here is a nice manual/HOWTO.
http://www.sudo.ws/sudo/sudoers.ldap.man.html
wmp
0
 
atigrisAuthor Commented:
thanks for the link woolmilkporc, do I have to add anything to the openldap server to support this feature? or this feature it is supported by default?

from the article I understand that  I need it to change settings in the following files to support this feature.

/etc/ldap.conf
LDAP configuration file

/etc/nsswitch.conf
determines sudoers source order

/etc/openldap/schema
create a sudo schema for ldap users

I have been once told  that I need to re-compile ldap with visudo support for this feature to work! I'm not sure if that is true?

Thanks
0
 
woolmilkporcCommented:
>> do I have to add anything to the openldap server <<
Of course the schema you mentioned, but nothing else, afaik.

You don't need to recompile LDAP, but you must recomple sudo to support LDAP, if you don't have an LDAP enabled binary version anyway.

And what do you mean with "visudo" support?
Since you don't need a sudoers file, you don't need "visudo" either.
I never heard that editing the LDAP entries by means of "visudo" should be possible.

The README.LDAP recommends using LDAP browsers for this.

Here it is: http://www.sudo.ws/sudo/readme_ldap.html

Good luck!

wmp
0
 
atigrisAuthor Commented:
Still working on it, I will get back to you on this soon. Thanks woolmilkporc:
0
 
atigrisAuthor Commented:
got it all figured out!
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now