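# on the sudo-client:
# NOTE(review): 1.6.8p12 is a very old sudo release. This page documents the
# build as it was tested; a new deployment should build a current release
# (and the prefix path below then follows that version string).
# Check the tarball against the signature/checksum published by the sudo
# project before unpacking it: the binary built here is what later grants
# root on the client (see the session at the end of the page), so a tampered
# source tree is a root compromise.
# Steps are chained with && so a failed configure or build does not run
# 'make install' on a half-built tree.
sudo_ver=1.6.8p12
tar xzf "sudo-${sudo_ver}.tar.gz" \
  && cd "sudo-${sudo_ver}" \
  && ./configure --with-ldap --prefix="/opt/soft_sudo-${sudo_ver}" \
  && make -j4 \
  && make install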

# on ldap-server:
# new schema for the ldap-directory, file /opt/soft_openldap-2.3.31/etc/openldap/schema/sudo.schema:
-----------------------------
#
#  schema file for sudo
#
#  Attribute types and the 'sudoRole' object class read by sudo's LDAP
#  backend (the client points at them with sudoers_base in ldap.conf).
#  Keep the OIDs exactly as shipped with sudo; the client matches on them
#  and on the NAMEs, renumbering breaks the lookup.
#  Every attribute uses caseExactIA5Match, i.e. values such as 'ALL', user
#  names and command paths are compared case-sensitively, and none of them
#  is SINGLE-VALUE, so a role may list several users, hosts or commands.
#  Nothing in the schema limits who may write these entries: that has to be
#  done with slapd ACLs, because a writable sudoRole is a root grant on
#  every host it names.
#

# Who the role applies to (user names).
attributetype ( 1.3.6.1.4.1.15953.9.1.1
      NAME 'sudoUser'
      DESC 'User(s) who may  run sudo'
      EQUALITY caseExactIA5Match
      SUBSTR caseExactIA5SubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Hosts on which the role applies ('ALL' is used in the data below).
attributetype ( 1.3.6.1.4.1.15953.9.1.2
      NAME 'sudoHost'
      DESC 'Host(s) who may run sudo'
      EQUALITY caseExactIA5Match
      SUBSTR caseExactIA5SubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Commands the role may run; no substring rule, so values are matched whole.
attributetype ( 1.3.6.1.4.1.15953.9.1.3
      NAME 'sudoCommand'
      DESC 'Command(s) to be executed by sudo'
      EQUALITY caseExactIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Target user(s) the command runs as. Optional in sudoRole; the example
# data below omits it and ends up as root.
attributetype ( 1.3.6.1.4.1.15953.9.1.4
      NAME 'sudoRunAs'
      DESC 'User(s) impersonated by sudo'
      EQUALITY caseExactIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# sudoers options for the role (e.g. env_reset, !authenticate).
attributetype ( 1.3.6.1.4.1.15953.9.1.5
      NAME 'sudoOption'
      DESC 'Options(s) followed by sudo'
      EQUALITY caseExactIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# One sudoRole entry is one rule: only cn is required, everything else is
# optional, so a sparse entry is still valid and should be reviewed
# carefully (a role with no sudoCommand grants nothing, but a role with
# sudoCommand and no sudoRunAs targets the default user).
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
      DESC 'Sudoer Entries'
      MUST ( cn )
      MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $
            description )
      )
-----------------------------
# and add 'include /opt/soft_openldap-2.3.31/etc/openldap/schema/sudo.schema' to slapd.conf, then restart slapd so the new attribute types and object class are loaded. Add an ACL for ou=sudoers at the same time: sudo clients trust whatever is stored there, so only the directory administrators should be able to write it.

# data to be written to the ldap-directory (LDIF, e.g. with ldapadd bound as a DN that is allowed to write below dc=fluxcoil,dc=net):
-----------------------------
# Container for all sudoRole entries; this DN is what the clients set as
# sudoers_base. Whoever can add or modify entries below it decides who gets
# root on the sudo clients, so restrict write access to it in slapd's ACLs.
dn: ou=sudoers,dc=fluxcoil,dc=net
objectClass: top
objectClass: organizationalUnit
ou: sudoers

# Global sudoOption values go in the entry named 'defaults' (sudo's LDAP
# backend reads cn=defaults as the Defaults section -- confirm against the
# sudoers.ldap documentation of the release in use).
# env_reset makes sudo start the command with a sanitised environment
# instead of the caller's; keep it, it is the default protection against
# environment-based tricks reaching the root process.
dn: cn=defaults,ou=sudoers,dc=fluxcoil,dc=net
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: env_reset

# Test role: tester0 may run /bin/bash on every host (sudoHost ALL) without
# being asked for a password (!authenticate). No sudoRunAs is given, so the
# shell runs as sudo's default target user -- root, as the id output at the
# end of the page shows. That is a password-less root shell for anyone who
# can log in as tester0; it is adequate for verifying that the LDAP lookup
# works, but must not be copied into a production role: drop
# '!authenticate', and narrow sudoHost and sudoCommand to what is needed.
dn: cn=tester0,ou=sudoers,dc=fluxcoil,dc=net
objectClass: top
objectClass: sudoRole
cn: tester0
sudoUser: tester0
sudoHost: ALL
sudoCommand: /bin/bash
sudoOption: !authenticate
-----------------------------

# add these two options to the client's /etc/ldap.conf (the file sudo's LDAP backend reads; the server, bind and TLS settings for the connection live in the same file and are not shown on this page):
-----------------------------
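# Base DN below which sudo searches for sudoRole entries. The client trusts
# whatever it finds there, so two things must hold: write access below this
# DN is limited by slapd ACLs, and the client authenticates the directory
# server it talks to (TLS with certificate verification, or a SASL/GSSAPI
# bind) -- the connection settings are not shown on this page, but without
# them a spoofed directory server can answer with its own sudoRole entries.
sudoers_base ou=sudoers,dc=fluxcoil,dc=net
# Debug level of the sudo LDAP code: 0 in normal operation, 1 or 2 only
# while debugging (the higher levels are verbose and print lookup details).
# The comment is kept on its own line: a trailing '# ...' on a value line is
# not guaranteed to be ignored by every ldap.conf parser.
sudoers_debug 0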
-----------------------------

# now on the client, logged in as tester0 (no password prompt appears because of the !authenticate option in the tester0 role):
tester0@rhel4:~$id
uid=10000(tester0) gid=10000(group0) groups=10000(group0)
tester0@rhel4:~$/opt/soft_sudo-1.6.8p12/bin/sudo /bin/bash
root@rhel4:~$id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)