ldap with visudo support

Posted on 2010-09-03
Last Modified: 2013-12-24

I need to setup ldap for our environment, as we are tired or adding / removing users on each server. therefore ldap will come handy.

I need to know if it is possible to control visudo permissions from ldap? therefore we could alter visudo on one server & it will propagate to other servers.

Thank you
Question by:atigris
  • 3
  • 2
LVL 68

Accepted Solution

woolmilkporc earned 500 total points
ID: 33595684
here is a nice manual/HOWTO.

Author Comment

ID: 33605794
thanks for the link woolmilkporc, do I have to add anything to the openldap server to support this feature? or this feature it is supported by default?

from the article I understand that  I need it to change settings in the following files to support this feature.

LDAP configuration file

determines sudoers source order

create a sudo schema for ldap users

I have been once told  that I need to re-compile ldap with visudo support for this feature to work! I'm not sure if that is true?

LVL 68

Expert Comment

ID: 33606110
>> do I have to add anything to the openldap server <<
Of course the schema you mentioned, but nothing else, afaik.

You don't need to recompile LDAP, but you must recomple sudo to support LDAP, if you don't have an LDAP enabled binary version anyway.

And what do you mean with "visudo" support?
Since you don't need a sudoers file, you don't need "visudo" either.
I never heard that editing the LDAP entries by means of "visudo" should be possible.

The README.LDAP recommends using LDAP browsers for this.

Here it is:

Good luck!


Author Comment

ID: 33716818
Still working on it, I will get back to you on this soon. Thanks woolmilkporc:

Author Closing Comment

ID: 33719287
got it all figured out!

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now