Trace: sony_walkman_and_linux thinkpad_t41 thinkpad_x200 0verview 1_setup_kdc 2_setup_openldap 3_setup_bind 5_configure_sol10_client 7_setup_crossrealm 9a_setup_ldapsudo
 
Page Actions
Wiki Actions
User Actions
Submit This Story
 
# on the sudo-client:
tar xzf sudo-1.6.8p12.tar.gz 
cd sudo-1.6.8p12
./configure --with-ldap --prefix=/opt/soft_sudo-1.6.8p12
make -j4 && make install

# on ldap-server:
# new schema for the ldap-directory, file /opt/soft_openldap-2.3.31/etc/openldap/schema/sudo.schema:
-----------------------------
#
#  schema file for sudo
#

attributetype ( 1.3.6.1.4.1.15953.9.1.1
      NAME 'sudoUser'
      DESC 'User(s) who may  run sudo'
      EQUALITY caseExactIA5Match
      SUBSTR caseExactIA5SubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.2
      NAME 'sudoHost'
      DESC 'Host(s) who may run sudo'
      EQUALITY caseExactIA5Match
      SUBSTR caseExactIA5SubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.3
      NAME 'sudoCommand'
      DESC 'Command(s) to be executed by sudo'
      EQUALITY caseExactIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.4
      NAME 'sudoRunAs'
      DESC 'User(s) impersonated by sudo'
      EQUALITY caseExactIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.15953.9.1.5
      NAME 'sudoOption'
      DESC 'Options(s) followed by sudo'
      EQUALITY caseExactIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
      DESC 'Sudoer Entries'
      MUST ( cn )
      MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $
            description )
      )
-----------------------------
# and add 'include /opt/soft_openldap-2.3.31/etc/openldap/schema/sudo.schema' to slapd.conf

# data to be written to the ldap-directory:
-----------------------------
dn: ou=sudoers,dc=fluxcoil,dc=net
objectClass: top
objectClass: organizationalUnit
ou: sudoers

dn: cn=defaults,ou=sudoers,dc=fluxcoil,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: env_reset

dn: cn=tester0,ou=sudoers,dc=fluxcoil,dc=net
objectClass: top
objectClass: sudoRole
cn: tester0
sudoUser: tester0
sudoHost: ALL
sudoCommand: /bin/bash
sudoOption: !authenticate
-----------------------------

# add 2 options to clients /etc/ldap.conf:
-----------------------------
sudoers_base ou=sudoers,dc=fluxcoil,dc=net
sudoers_debug 0 # use 1 or 2 for debugging
-----------------------------

# now on client as tester0:
tester0@rhel4:~$id
uid=10000(tester0) gid=10000(group0) groups=10000(group0)
tester0@rhel4:~$/opt/soft_sudo-1.6.8p12/bin/sudo /bin/bash
root@rhel4:~$id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
 
kerberos/9a_setup_ldapsudo.txt · Last modified: 2010/01/15 20:31 (external edit)     Back to top
Get Firefox! Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki