A quite trivial issue I have:
I have installed centralized policy sudo rules in an LDAP server (I use "schema.OpenLDAP" from "http://www.sudo.ws").
I have also configured Linux clients to check LDAP rules to grant sudo access to certain resources (I declared "sudoers_base" in nslcd.conf and "sudoers: ldap" in nsswitch.conf).
That works, but I'm still not happy :-)
To make it work, I need to authorize reading on the sudoers DIT branch for users, which I would like to avoid (BTW, normally /etc/sudoers is not readable by users).
Does anyone know a way to remove sudo rules reading rights from regular users while having the rules working for everyone (I was thinking about an LDAP proxy user used to read sudo rules in LDAP, but I haven't found how to declare it)?
Thanks,
--- Olivier