The default version of sudo that comes with Ubuntu is compiled without LDAP support. If you want the ldap-enabled version, install the 'sudo-ldap' package.
On Fri, Nov 19, 2010 at 2:23 PM, bluethundr <[email protected]> wrote: > Hello Ubuntu > > On our network we have our sudoers stored in LDAP. This works fine on > the CentOS 5.4 clients by placing into /etc/ldap.conf > > > sudoers_base ou=sudoers,ou=Services,dc=example,dc=net > > > and in /etc/nsswitch.conf we have the entry: > > > sudoers: ldap > > > (setting this setting to just 'ldap' instead of 'files ldap' does not > render the machine unbootable as happens if you set passwd and group > this way). > > However I am attempting to set this up on an Ubuntu 9.10 client and > getting no joy so far. I have the same settings in /etc/ldap.conf and > /etc/nsswitch.conf and cannot get sudoers to work. > > On the Ubuntu box, I can get LDAP entries by typing in getent passwd | > grep ldapAccount, however when you attempt to sudo it fails: > > > bluethu...@ubuntu3:~$ sudo bash >>>> /etc/sudoers: syntax error near line 0 <<< > sudo: parse error in /etc/sudoers near line 0 > sudo: no valid sudoers sources found, quitting > > > We leave our sudoers file blank intentionally in order to manage this > via LDAP. Again, this problem is ONLY happening under Ubuntu and not > under Centos 5.4. > > The only real difference that I see between the two clients is the > sudo version. Could it be that under ubuntu LDAP sudo support isn't > compiled in? if so how to recompile it so that it does? > > CentOS 5.4 sudo version: > > [r...@ldap2 ~]# sudo -V > Sudo version 1.7.2p1 > > > Ubuntu 9.10 sudo version: > > > r...@ubuntu3:~# sudo -V > Sudo version 1.7.0 > > > > > [r...@ldap2 ~]# sudo -V > Sudo version 1.7.2p1 > > > And here are the linkages: > > CentOS 5.4: > > > [r...@ldap2 ~]# ldd $(which sudo) > libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaaacc8000) > libcap.so.1 => /lib64/libcap.so.1 (0x00002aaaaaee0000) > libpam.so.0 => /lib64/libpam.so.0 (0x00002aaaab0e4000) > libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaab2f0000) > libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x00002aaaab4f4000) > libc.so.6 => /lib64/libc.so.6 (0x00002aaaab72e000) > libaudit.so.0 => /lib64/libaudit.so.0 (0x00002aaaaba86000) > liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x00002aaaabc9e000) > libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaabeac000) > /lib64/ld-linux-x86-64.so.2 (0x00002aaaaaaab000) > libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaac0f3000) > libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002aaaac308000) > libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaac521000) > libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaac76e000) > libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaaacabf000) > libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 > (0x00002aaaaccf7000) > libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaacf26000) > libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaad1bb000) > libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaad3bd000) > libz.so.1 => /usr/lib64/libz.so.1 (0x00002aaaad5e3000) > libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 > (0x00002aaaad7f7000) > libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaad9ff000) > > > > Ubuntu 9.10 > > bluethu...@ubuntu3:~$ ldd $(which sudo) > linux-gate.so.1 => (0x00914000) > libpam.so.0 => /lib/libpam.so.0 (0x00753000) > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x00223000) > libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00fa1000) > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x004f1000) > liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00f35000) > /lib/ld-linux.so.2 (0x00d75000) > libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0x00345000) > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x008d0000) > libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00b77000) > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0x002e3000) > libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x001df000) > libz.so.1 => /lib/libz.so.1 (0x007d6000) > libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x003f3000) > libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00110000) > > > > Thanks for any input you may have! > > -- > Here's my RSA Public key: > gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9 > > Share and enjoy!! > -- Mark J. Reed <[email protected]>
