OpenLDAP Faq-O-Matic : Trash : sudo via LDAP works for one user and not for the rest of the users
We have 3 users in the LDAP database (user1...user3). We are using sudo 1.8.4p1 with its schema; sudo works fine for user1 but not for the other users. We are running with debug 2. First is the debug output, followed by an strace.

1)
[root@tcr03ldapunix01 openldap]# su user2
id: cannot find name for group ID 2000
[user2@tcr03ldapunix01 openldap]$ sudo -l
LDAP Config Summary
===================
uri ldap://tcr03ldapunix01.reg03.rtss.qc.ca/
ldap_version 3
sudoers_base ou=SUDOers,dc=reg03,dc=rtss,dc=qc,dc=ca
binddn (anonymous)
bindpw (anonymous)
ssl (no)
tls_checkpeer (no)
tls_cacertdir /etc/pki/tls/certs
===================
sudo: ldap_initialize(ld, ldap://tcr03ldapunix01.reg03.rtss.qc.ca/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option: tls_cacertdir -> /etc/pki/tls/certs
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: found:cn=defaults,ou=SUDOers,dc=reg03,dc=rtss,dc=qc,dc=ca
sudo: sudo_ldap_build_pass1 allocation mismatch
2) strace for user1
23160 write(2, "Looking for cn=defaults: cn=defa"..., 36) = 36
23160 write(2, "\n", 1) = 1
23160 time(NULL) = 1330106859
23160 write(5, "0O\2\1\2cJ\4'ou=SUDOers,dc=reg03,dc="..., 81) = 81
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23160 read(5, "0\201\260\2\1\2d\201", 8) = 8
23160 read(5, "\252\0043cn=defaults,ou=SUDOers,dc=reg"..., 171) = 171
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23160 read(5, "0\f\2\1\2e\7\n", 8) = 8
23160 read(5, "\1\0\4\0\4\0", 6) = 6
23160 write(2, "sudo", 4) = 4
23160 write(2, ": ", 2) = 2
23160 write(2, "found:cn=defaults,ou=SUDOers,dc="..., 57) = 57
23160 write(2, "\n", 1) = 1
23160 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 6
23160 fstat64(6, {st_mode=S_IFREG|0644, st_size=2001, ...}) = 0
23160 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7882000
23160 read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2001
23160 close(6) = 0
23160 munmap(0xb7882000, 4096) = 0
23160 setresuid32(2001, -1, -1) = 0
23160 setresgid32(2000, 2000, 2000) = 0
23160 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
23160 getresuid32([2001], [0], [0]) = 0
23160 getresgid32([2000], [2000], [2000]) = 0
23160 write(2, "sudo", 4) = 4
23160 write(2, ": ", 2) = 2
23160 write(2, "ldap search '(|(sudoUser=user1)("..., 160) = 160
23160 write(2, "\n", 1) = 1
23160 write(2, "sudo", 4) = 4
23160 write(2, ": ", 2) = 2
23160 write(2, "searching from base 'ou=SUDOers,"..., 61) = 61
23160 write(2, "\n", 1) = 1
23160 time(NULL) = 1330106859
23160 write(5, "0\201\352\2\1\3c\201\344\4'ou=SUDOers,dc=reg03,d"..., 237) = 237
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23160 read(5, "0\201\300\2\1\3d\201", 8) = 8
23160 read(5, "\272\0043cn=TCRADMIN,ou=SUDOers,dc=reg"..., 187) = 187
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLE | |