Since 1.7.0 there is a new nsswitch.conf config
option you have to set if you want to use LDAP for sudoer
resolution.
On Gentoo you have to configure /etc/ldap.conf.sudo with something like:

    uri ldaps://foobar.example.net
    ldap_version 3
    ssl on
    bind_timelimit 30
    timelimit 30
    sudoers_base ou=Sudoers,dc=example,dc=net
    #sudoers_debug 2

You can use sudoers_debug 2 to get some debug
information. (I am not explaining how to create the sudo entries
in LDAP, as there is a really good readme
here.)
The new thing for me was the nsswitch in the new release, which
is documented in the manpage. Therefore I am adding the following
line to my /etc/nsswitch.conf:

    sudoers: ldap files

And here we go - sudo with ldap is working again. Happy hacking!
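
A quick way to confirm that the two files described above agree with each other, as an added example that is not part of the original post. The function names and the sample files are constructed for illustration; point check_sudo_ldap at /etc/nsswitch.conf and /etc/ldap.conf.sudo to check a real host.

```shell
#!/bin/sh
# Added example (not from the original post): sanity check for the two files above.

# Print the sources on the "sudoers:" line; sudo assumes "files" when there is none.
sudoers_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "sudoers:" { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
         END { if (!found) print "files" }' "$1"
}

# Print the value of the first uncommented KEY line (keywords are case-insensitive).
ldap_conf_value() {
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

# Usage: check_sudo_ldap NSSWITCH_FILE LDAP_CONF_FILE; exit status = number of findings.
check_sudo_ldap() {
    findings=0
    case " $(sudoers_sources "$1") " in
        *" ldap "*) ;;
        *) finding "nsswitch.conf: sudoers line does not list ldap" ;;
    esac
    [ -n "$(ldap_conf_value "$2" sudoers_base)" ] || finding "sudoers_base is not set"
    case "$(ldap_conf_value "$2" uri)" in
        ""|*ldap://*) finding "uri is missing or uses plain ldap://" ;;
    esac
    case "$(ldap_conf_value "$2" sudoers_debug)" in
        ""|0) ;;
        *) finding "sudoers_debug is still enabled" ;;
    esac
    return "$findings"
}

# Constructed sample files, so the check runs without touching /etc.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf 'passwd: files\nsudoers: ldap files\n' > "$d/nsswitch.good"
printf 'passwd: files\n' > "$d/nsswitch.missing"
printf 'uri ldaps://foobar.example.net\nsudoers_base ou=Sudoers,dc=example,dc=net\n#sudoers_debug 2\n' > "$d/ldap.good"
printf 'uri ldap://foobar.example.net\nsudoers_debug 2\n' > "$d/ldap.weak"

check_sudo_ldap "$d/nsswitch.good" "$d/ldap.good" && echo "good pair: no findings"
check_sudo_ldap "$d/nsswitch.missing" "$d/ldap.weak" || echo "weak pair: $? finding(s)"
```

A setup that uses ldap:// with StartTLS is also flagged by the uri check; treat that finding as a prompt to confirm TLS is enabled.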