OpenLDAP Faq-O-Matic : Trash : sudo via LDAP, works for one user and not for the rest of users
We have 3 users in the LDAP database (user1...user3). We are using sudo 1.8.4p1 with its schema.
sudo works fine for user1 but not for the other users. We are using debug 2.
First is the debug output, followed by an strace debug.
1)
[root@tcr03ldapunix01 openldap]# su user2
id: cannot find name for group ID 2000
[user2@tcr03ldapunix01 openldap]$ sudo -l
LDAP Config Summary
===================
uri              ldap://tcr03ldapunix01.reg03.rtss.qc.ca/
ldap_version     3
sudoers_base     ou=SUDOers,dc=reg03,dc=rtss,dc=qc,dc=ca
binddn           (anonymous)
bindpw           (anonymous)
ssl              (no)
tls_checkpeer    (no)
tls_cacertdir    /etc/pki/tls/certs
===================
sudo: ldap_initialize(ld, ldap://tcr03ldapunix01.reg03.rtss.qc.ca/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 0
sudo: ldap_set_option: tls_cacertdir -> /etc/pki/tls/certs
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: found:cn=defaults,ou=SUDOers,dc=reg03,dc=rtss,dc=qc,dc=ca
sudo: sudo_ldap_build_pass1 allocation mismatch

2) for user1
23160 write(2, "Looking for cn=defaults: cn=defa"..., 36) = 36
23160 write(2, "\n", 1) = 1
23160 time(NULL) = 1330106859
23160 write(5, "0O\2\1\2cJ\4'ou=SUDOers,dc=reg03,dc="..., 81) = 81
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23160 read(5, "0\201\260\2\1\2d\201", 8) = 8
23160 read(5, "\252\0043cn=defaults,ou=SUDOers,dc=reg"..., 171) = 171
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23160 read(5, "0\f\2\1\2e\7\n", 8) = 8
23160 read(5, "\1\0\4\0\4\0", 6) = 6
23160 write(2, "sudo", 4) = 4
23160 write(2, ": ", 2) = 2
23160 write(2, "found:cn=defaults,ou=SUDOers,dc="..., 57) = 57
23160 write(2, "\n", 1) = 1
23160 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 6
23160 fstat64(6, {st_mode=S_IFREG|0644, st_size=2001, ...}) = 0
23160 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7882000
23160 read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2001
23160 close(6) = 0
23160 munmap(0xb7882000, 4096) = 0
23160 setresuid32(2001, -1, -1) = 0
23160 setresgid32(2000, 2000, 2000) = 0
23160 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
23160 getresuid32([2001], [0], [0]) = 0
23160 getresgid32([2000], [2000], [2000]) = 0
23160 write(2, "sudo", 4) = 4
23160 write(2, ": ", 2) = 2
23160 write(2, "ldap search '(|(sudoUser=user1)("..., 160) = 160
23160 write(2, "\n", 1) = 1
23160 write(2, "sudo", 4) = 4
23160 write(2, ": ", 2) = 2
23160 write(2, "searching from base 'ou=SUDOers,"..., 61) = 61
23160 write(2, "\n", 1) = 1
23160 time(NULL) = 1330106859
23160 write(5, "0\201\352\2\1\3c\201\344\4'ou=SUDOers,dc=reg03,d"..., 237) = 237
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23160 read(5, "0\201\300\2\1\3d\201", 8) = 8
23160 read(5, "\272\0043cn=TCRADMIN,ou=SUDOers,dc=reg"..., 187) = 187
23160 poll([{fd=5, events=POLLIN|POLLPRI|POLLE
for user2
23039 write(2, "Looking for cn=defaults: cn=defa"..., 36) = 36
23039 write(2, "\n", 1) = 1
23039 time(NULL) = 1330106631
23039 write(5, "0O\2\1\2cJ\4'ou=SUDOers,dc=reg03,dc="..., 81) = 81
23039 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23039 read(5, "0\201\260\2\1\2d\201", 8) = 8
23039 read(5, "\252\0043cn=defaults,ou=SUDOers,dc=reg"..., 171) = 171
23039 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, -1) = 1 ([{fd=5, revents=POLLIN}])
23039 read(5, "0\f\2\1\2e\7\n", 8) = 8
23039 read(5, "\1\0\4\0\4\0", 6) = 6
23039 write(2, "sudo", 4) = 4
23039 write(2, ": ", 2) = 2
23039 write(2, "found:cn=defaults,ou=SUDOers,dc="..., 57) = 57
23039 write(2, "\n", 1) = 1
23039 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 6
23039 fstat64(6, {st_mode=S_IFREG|0644, st_size=2001, ...}) = 0
23039 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7775000
23039 read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 2001
23039 close(6) = 0
23039 munmap(0xb7775000, 4096) = 0
23039 setresuid32(2002, -1, -1) = 0
23039 setresgid32(2000, 2000, 2000) = 0
23039 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
23039 getresuid32([2002], [0], [0]) = 0
23039 getresgid32([2000], [2000], [2000]) = 0
23039 write(2, "sudo", 4) = 4
23039 write(2, ": ", 2) = 2
23039 write(2, "sudo_ldap_build_pass1 allocation"..., 41) = 41
23039 write(2, "\n", 1) = 1
23039 close(4) = 0
23039 munmap(0xb7776000, 4096) = 0
23039 write(5, "0\5\2\1\3B\0", 7) = 7
23039 shutdown(5, 2 /* send and receive */) = 0
23039 close(5) = 0
23039 shutdown(-1, 2 /* send and receive */) = -1 EBADF (Bad file descriptor)
23039 close(-1) = -1 EBADF (Bad file descriptor)
23039 poll([{fd=3, events=POLLIN|POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
23039 poll([{fd=3, events=POLLOUT}], 1, 300000) = 1 ([{fd=3, revents=POLLOUT}])
Does anyone have an idea why no search is done for user2?
Thanks for your help



Jean_Brown@ssss.gouv.qc.ca
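Editor's added example, not code from the post above and not sudo's own source. The post shows two things side by side for user2: "id: cannot find name for group ID 2000" and sudo stopping at "sudo_ldap_build_pass1 allocation mismatch" before any sudoRole search is sent, while user1 gets as far as the logged "ldap search '(|(sudoUser=user1)(..." filter. The script below rebuilds that first-pass filter (user, then %group for each resolvable group, then ALL, optionally AND-ed with a search filter, which is the documented sudoers.ldap matching order) so an admin can run the same filter with ldapsearch for each user and compare, and lists which of a user's gids have no name, the check to run before anything else. It also demonstrates, with a constructed two-pass size-then-fill builder, how a guard of this kind trips when the sizing pass and the fill pass resolve groups differently; that guard is what turns a too-small heap buffer into an error instead of an overflow. The passwd/group tables are constructed sample data (gid 2000 deliberately has no name, as in the post), and the mismatch scenario is a hypothetical illustration of the pattern, not a statement of sudo 1.8.4p1's actual root cause.

```python
"""Rebuild sudo-ldap's first-pass sudoRole filter and show how a
size-then-fill buffer check can report an allocation mismatch."""

# Constructed sample NSS data (not from the post): user -> (uid, primary gid,
# supplementary gids). gid 2000 has no name on purpose, mirroring
# "id: cannot find name for group ID 2000" for user2.
PASSWD = {
    "user1": (2001, 2000, [2000, 2010]),
    "user2": (2002, 2000, [2000]),
}
GROUPS = {2010: "ldapadmins"}   # no entry for 2000


def ldap_escape(value):
    """RFC 4515 escaping so a user or group name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def name_or_none(gid):
    """getgrgid()-like lookup: None when the gid has no name."""
    return GROUPS.get(gid)


def name_or_number(gid):
    """Alternative policy: fall back to the numeric gid as a string."""
    return GROUPS.get(gid, str(gid))


def user_group_names(user, resolve):
    """Primary group first, then supplementary groups; unresolvable gids are dropped."""
    _uid, pgid, sgids = PASSWD[user]
    names = []
    for gid in [pgid] + [g for g in sgids if g != pgid]:
        name = resolve(gid)
        if name is not None and name not in names:
            names.append(name)
    return names


def pass1_filter(user, resolve=name_or_none, search_filter=None):
    """(|(sudoUser=USER)(sudoUser=%GROUP)...(sudoUser=ALL)), optionally
    wrapped as (&SEARCH_FILTER(|...)) like ldap.conf's sudoers_search_filter."""
    parts = ["(sudoUser=%s)" % ldap_escape(user)]
    parts += ["(sudoUser=%%%s)" % ldap_escape(g) for g in user_group_names(user, resolve)]
    parts.append("(sudoUser=ALL)")
    flt = "(|" + "".join(parts) + ")"
    if search_filter:
        flt = "(&%s%s)" % (search_filter, flt)
    return flt


def pass1_budget(user, resolve=name_or_none):
    """Byte budget a C implementation would allocate before filling the buffer."""
    size = len("(|(sudoUser=") + len(ldap_escape(user)) + len(")")
    for g in user_group_names(user, resolve):
        size += len("(sudoUser=%") + len(ldap_escape(g)) + len(")")
    size += len("(sudoUser=ALL))") + 1      # closing ')' of the OR, plus NUL
    return size


def build_checked(user, size_resolve, fill_resolve):
    """Size with one resolver, fill with another. The final check is the kind
    of guard that reports a mismatch rather than overrunning the heap."""
    budget = pass1_budget(user, size_resolve)
    flt = pass1_filter(user, fill_resolve)
    if len(flt) + 1 > budget:
        raise RuntimeError("allocation mismatch: need %d bytes, have %d"
                           % (len(flt) + 1, budget))
    return flt


def mismatches(user, size_resolve, fill_resolve):
    """True when the two passes disagree (hypothetical failure-mode demo)."""
    try:
        build_checked(user, size_resolve, fill_resolve)
        return False
    except RuntimeError:
        return True


def unnamed_gids(user):
    """First thing to check on the box: which of the user's gids have no name?"""
    _uid, pgid, sgids = PASSWD[user]
    return sorted({g for g in [pgid] + sgids if name_or_none(g) is None})


if __name__ == "__main__":
    for u in PASSWD:
        print(u, "unnamed gids:", unnamed_gids(u))
        print("   ", pass1_filter(u))
    # Feed the printed filter to, e.g.:
    #   ldapsearch -x -H ldap://HOST/ -b ou=SUDOers,dc=example,dc=com '<filter>'
    print("user2 passes disagree:", mismatches("user2", name_or_none, name_or_number))
```

On a real host the two tables are replaced by getent passwd / getent group output; a gid that getent group cannot name is exactly what id complains about in the post, and it is the first discrepancy to resolve between user1 and user2 before looking at the LDAP side.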

This document is: http://www.openldap.org/faq/index.cgi?file=1531
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org