issue with sudo_ldap

Dagobert Michelsen dam at opencsw.org
Mon Nov 7 15:06:09 CET 2016


Hi Stefan,

Am 07.11.2016 um 14:56 schrieb Stefan Maass <stefan.maass at syniverse.com>:
> Thanks for your reply!
> 
> I had seen the entry in the change log that you have mentioned below and I have tried using the -g switch as well, but it did not change anything. It just added one line into the output of the debug log other than that it does nothing and I am still not allowed to sudo as I was in the former sudo version.
> 
> Nov  7 13:37:36 sudo[158099] will restore signal 13 on exec
> Nov  7 13:37:36 sudo[158099] settings: runas_group=global_sysadmin
> Nov  7 13:37:36 sudo[158099] settings: progname=sudo
> Nov  7 13:37:36 sudo[158099] settings: network_addrs=10.161.120.147/255.255.254.0 10.161.146.18/255.255.255.0 10.161.146.26/255.255.255.0
> Nov  7 13:37:36 sudo[158099] settings: plugin_dir=/opt/csw/libexec/sudo/
> Nov  7 13:37:36 sudo[158099] policy plugin returns 0
> 
> It looks like it does not find the policy in LDAP that matches the right to switch user.

Maybe you can enable request logging on your LDAP server and see how the SEARCH request looks like?

> The other changes that have been done in regards of LDAP don't say much to me for now so I am not sure if they could be responsible for what I am facing.

Apart from that I would expect an upstream issue as nothing has changed regarding the
build perspective for OpenCSW.


Best regards

  — Dago

--
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opencsw.org/pipermail/users/attachments/20161107/5aec113f/attachment-0001.asc>


More information about the users mailing list