===== serverpart: OpenLDAP on RHEL6 =====
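# server
# the sudo package ships the schema under its doc directory; copy it next to the other slapd schemas
cp /usr/share/doc/sudo-*/schema.OpenLDAP /etc/openldap/schema/sudo.schema
### old, if /etc/openldap/slapd.conf exists
cd /etc/openldap
vi slapd.conf
# a) make sure sudo schema is contained: include /etc/openldap/schema/sudo.schema
# b) index sudoUser eq                   (sudo searches on sudoUser for every lookup)
service slapd stop
# keep a copy of the current cn=config tree before wiping it, so the step can be undone
cp -a /etc/openldap/slapd.d /etc/openldap/slapd.d.bak.$(date +%F-%H%M)
rm -rf /etc/openldap/slapd.d/*
# slaptest -f/-F converts the flat slapd.conf into the slapd.d (cn=config) tree
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
# slaptest ran as root and wrote the files as root; slapd on RHEL 6 runs as the
# ldap user and has to be able to read (and write) its config tree
chown -R ldap:ldap /etc/openldap/slapd.d
# slapd was stopped above and the original walk-through never started it again
service slapd start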
### new config style
# adding schema new style: https://www.linuxquestions.org/questions/linux-server-73/how-to-add-a-new-schema-to-openldap-2-4-11-a-700452/
# NOTE(review): the heredoc bodies on the next line were lost when this page was
# extracted (the "<<EOF ... EOF" blocks collapsed into one line). It appears to
# be several commands: one writing /tmp/schema_convert.conf (the slaptest input
# that includes sudo.schema), one producing /etc/openldap/initial_sudo.ldif, and
# one writing /etc/openldap/sudoers.ldif with the example objects further down.
# Reconstruct them from the linked post before running; the line as shown is
# not a usable command.
cat >/tmp/schema_convert.conf</etc/openldap/initial_sudo.ldif< /etc/openldap/sudoers.ldif
# -x is a simple bind, so the rootdn password travels in clear unless the
# default URI is ldaps:// or -ZZ (StartTLS) is added. Passing it with -w also
# leaves it in the shell history and in "ps" output for every local user;
# prefer -W (prompt) or -y <file> with a 0600 password file.
ldapadd -x -D cn=manager,dc=fluxcoil,dc=net -w redhat -f /etc/openldap/sudoers.ldif
===== serverpart: Red Hat Directory Server =====
As an alternative to OpenLDAP, 389 Directory Server or RHDS can be used; RHDS9 already ships the sudo LDAP schema, so the schema steps above are not needed there.
===== rhel6 on client, sudo/ldap directly =====
# NOTE(review): heredoc bodies lost in extraction — this looks like two commands
# collapsed into one: "cat >/etc/nss_ldap.conf <<EOF ... EOF" (the sudo/LDAP
# client settings such as uri, base and sudoers_base) and
# "cat >>/etc/nsswitch.conf <<EOF ... EOF" (presumably the "sudoers: files ldap"
# line, and "netgroup: ldap" if the netgroup rule below is to work). Restore
# both before use; note the first one overwrites /etc/nss_ldap.conf rather than
# appending. If the client config carries a bindpw, keep the file from being
# world-readable.
cat >/etc/nss_ldap.conf<>/etc/nsswitch.conf
# -U lists the privileges of another user; run as root. This verifies the LDAP
# lookup path without needing user1's credentials.
sudo -l -U user1
# should now show the sudo map from ldap
===== sudo/ldap and netgroup example objects =====
# sudo objects
# Container for the sudoRole entries; the sudo-ldap client searches it through
# its sudoers_base setting (presumably set in the client config heredoc above,
# whose body was lost on this page).
# SUDOers, fluxcoil.net
dn: ou=SUDOers,dc=fluxcoil,dc=net
objectClass: top
objectClass: organizationalUnit
ou: SUDOers
# root, SUDOers, fluxcoil.net
# Equivalent of the sudoers line "root ALL=(ALL) ALL": any command, on any
# host, as any target user. sudoOrder 2 places it after cn=defaults.
dn: cn=root,ou=SUDOers,dc=fluxcoil,dc=net
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOrder: 2
# user1, SUDOers, fluxcoil.net
# user1 may run /bin/ls on any host as any target user (sudoRunAsUser: ALL
# includes root). "!authenticate" is the NOPASSWD equivalent, so this command is
# granted without any password prompt. The command is given without an argument
# list, which in sudo matches any arguments.
dn: cn=user1,ou=SUDOers,dc=fluxcoil,dc=net
objectClass: top
objectClass: sudoRole
cn: user1
sudoUser: user1
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: /bin/ls
sudoOption: !authenticate
sudoOrder: 3
# defaults, SUDOers, fluxcoil.net
# Global options: sudo reads them from the entry named cn=defaults. requiretty,
# !visiblepw, always_set_home and env_reset mirror the stock RHEL /etc/sudoers
# Defaults. cn=defaults is found by name, not by sudoOrder; the sudoOrder here
# is harmless but not needed.
dn: cn=defaults,ou=SUDOers,dc=fluxcoil,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: requiretty
sudoOption: !visiblepw
sudoOption: always_set_home
sudoOption: env_reset
sudoOrder: 1
# rule0, SUDOers, fluxcoil.net
# Members of the netgroup netgr0 ("+" prefix = netgroup; see cn=netgr0 below)
# may run "service httpd restart" on any host. No sudoRunAsUser is given, so the
# runas default applies (root unless runas_default is changed); no
# "!authenticate", so a password is required. No sudoOrder: such entries sort
# as 0, i.e. before the ordered entries above.
dn: cn=rule0,ou=SUDOers,dc=fluxcoil,dc=net
cn: rule0
objectClass: sudoRole
objectClass: top
sudoUser: +netgr0
sudoHost: ALL
sudoCommand: /sbin/service httpd restart
# Netgroup, fluxcoil.net
# Container for the nisNetgroup entries referenced by "sudoUser: +netgr0". For
# sudo to resolve the netgroup, the client also needs "netgroup: ldap" in
# nsswitch.conf (presumably part of the lost nsswitch heredoc above).
dn: ou=Netgroup,dc=fluxcoil,dc=net
objectClass: top
objectClass: organizationalUnit
ou: Netgroup
# netgr0, Netgroup, fluxcoil.net
# Triple is (host,user,domain); empty host and domain fields are wildcards, so
# this matches user0 on any host.
dn: cn=netgr0,ou=Netgroup,dc=fluxcoil,dc=net
objectClass: nisNetgroup
objectClass: top
cn: netgr0
nisNetgroupTriple: (,user0,)
# users, fluxcoil.net
# Container for the posixAccount entries below; nss_ldap resolves user0/user1
# from here so that the netgroup and sudoUser matches above have accounts.
dn: ou=users,dc=fluxcoil,dc=net
objectClass: organizationalUnit
objectClass: top
ou: users
# user0, users, fluxcoil.net
# Example account (member of netgr0 via the netgroup triple above). No
# userPassword is set, so the entry cannot authenticate with an LDAP password
# as shown; the contact attributes are placeholder sample data.
dn: cn=user0,ou=users,dc=fluxcoil,dc=net
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
cn: user0
givenName: Christian
sn: Horn
mail: chorm@domain.net
preferredLanguage: en
telephoneNumber: +123 345
l: muc
departmentNumber: X labs
uid: user0
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/user0
loginShell: /bin/bash
# user1, users, fluxcoil.net
# Example account matched by the cn=user1 sudoRole above (passwordless /bin/ls).
# No userPassword is set, so the entry cannot authenticate with an LDAP
# password as shown; contact attributes are the same placeholder data as user0.
dn: cn=user1,ou=users,dc=fluxcoil,dc=net
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
cn: user1
givenName: Christian
sn: Horn
mail: chorm@domain.net
preferredLanguage: en
telephoneNumber: +123 345
l: muc
departmentNumber: X labs
uid: user1
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/user1
loginShell: /bin/bash
# Groups, fluxcoil.net
# Primary groups for the two accounts: gidNumber 1000 and 1001 match the
# gidNumber of user0 and user1. objectClass names are case-insensitive, so the
# lower-case "organizationalunit" here is accepted.
dn: ou=Groups,dc=fluxcoil,dc=net
objectClass: top
objectClass: organizationalunit
ou: Groups
# group0, Groups, fluxcoil.net
dn: cn=group0,ou=Groups,dc=fluxcoil,dc=net
objectClass: posixGroup
objectClass: top
cn: group0
gidNumber: 1000
# group1, Groups, fluxcoil.net
dn: cn=group1,ou=Groups,dc=fluxcoil,dc=net
objectClass: posixGroup
objectClass: top
cn: group1
gidNumber: 1001