-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/11/2010, at 09:16, bluethundr wrote:
I have created a symlink from /etc/openldap/ldap.conf to /etc/ldap.conf... that seems to have gotten the majority of the system communicating with PAM/LDAP. I guess that making a .ldaprc file in the users home directory and putting those directives in there would be about the equivalent.
The only thing eluding me currently is getting the client to listen to sudoers which is currently working thru ldap on the ldap server itself.
[root@VIRCENT03:~]#cat /etc/pam.d/sudo #%PAM-1.0 auth include system-auth auth required pam_ldap.so account include system-auth account required pam_ldap.so password include system-auth password required pam_ldap.so session optional pam_keyinit.so revoke session required pam_limits.so session required pam_ldap.so
AFAIK the above should get pam_ldap communicating with the LDAP server on the behalf of sudoers. the other pam configs (such as sshd and su) appear to be getting their info from the system auth which is currently communicating with the LDAP server.
Does anyone have any tips on how to get sudoers working through pam /ldap?
thanks!!
I have had a similar issue on my OpenLDAP setup. I have a posixgroup in ldap, into which i placed a list of users for sudo access, and it never works. both full dn, and just the uid or id number of the user in the posixgroup dont work.
Sudo supports some LDAP based configuration from what i understand, but i think that is different to what you are trying to achieve in this case.
-- Here's my RSA Public key: gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9
Share and enjoy!!
William Brown
pgp.mit.edu