Re: sudoers in ldap?

To: debian-edu@lists.debian.org
Subject: Re: sudoers in ldap?
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Fri, 14 May 2010 20:43:55 +0200
Message-id: <[🔎] 20100514184355.GA12116@flashgordon>
Mail-followup-to: debian-edu@lists.debian.org
In-reply-to: <[🔎] 20100514180107.GB30252@login1.uio.no>
References: <[🔎] 20100514080455.GA5088@flashgordon> <[🔎] 20100514180107.GB30252@login1.uio.no>

Hi,

On Fri, May 14, 2010 at 08:01:07PM +0200, Petter Reinholdtsen wrote:
> [Andreas B. Mundt]
> > I started now to define a cf rule to edit /etc/sudoers, but hit the
> > package sudo-ldap, which might be a better idea: No policy violating
> > editing of config files but just adding the information to our ldap
> > bootstrapping.
> 
> How does it work?  Is it providing a global set of sudo rules in LDAP,
> or sudo rules per machine?  I suspect it is unlikely a school want to
> set up sudo the same way on all machines, and thus am unsure if
> sudoers should be in LDAP.

It provides exactly the same options as a sudoers file. There is a
conversion script to translate your sudoers file into a ldif-file
which can be added to ldap.

It looks like the following in gosa:
You can define a sudo role:

A Role contains: 
  -users or groups this role applies to
  -allowed commands
  -machine(s) the role applies to 
  -and the userID the commands are executed as

In addition, you can choose from a long list of options, so it looks
as if you can modify and define anything you can define in a standard
sudoers file.

Cheers,

	Andi

Reply to:

Follow-Ups:
- Re: sudoers in ldap?
  - From: Petter Reinholdtsen <pere@hungry.com>

References:
- sudoers in ldap?
  - From: "Andreas B. Mundt" <andi.mundt@web.de>
- Re: sudoers in ldap?
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: sudoers in ldap?
Next by Date: Re: sudoers in ldap?
Previous by thread: Re: sudoers in ldap?
Next by thread: Re: sudoers in ldap?
Index(es):
- Date
- Thread