Sudo LDAP stopped working in 1.9.15 #325
Comments
I'm able to reproduce the problem. As a workaround you can edit /etc/sudo.conf to be:
replacing /etc/ldap.conf with where your ldap.conf file is located.
millert added a commit that referenced this issue on Nov 7, 2023
Fixes GitHub issue #325, a bug introduced in sudo 1.9.15.
This is fixed by sudo 1.9.15p1, available now.
millert added a commit that referenced this issue on Nov 9, 2023
This is less error-prone and would have avoided GitHub issue #325.
Sudo LDAP was working for me with 1.9.14.p3, but broke with 1.9.15 on my setup and I haven't been able to determine why.

When I do sudo -ll with SUDOERS_DEBUG 2 in 1.9.14.p3 I get LDAP debug output indicating the correct things are happening, but with 1.9.15 there's no LDAP debug output at all. I simply get a password prompt followed by "not in sudoers file" and no indication LDAP is being queried. Reverting to 1.9.14.p3 restores the expected behavior.

I'm not sure if this is an Arch packaging issue, sudo regression, or config issue on my end. Here are my relevant configs and LDAP objects. Please let me know if more info is needed to diagnose.

/etc/nsswitch.conf:
(I tried swapping ldap and files but same result, and I prefer it checks local first anyway.)

/etc/sudo.conf:
(That's the entirety of sudo.conf and I must admit I don't fully understand it but it worked for me in < 1.9.15.)

/etc/openldap/ldap.conf:
(Perhaps sudo is looking for ldap.conf in a different place now? I'm not sure how to figure out where it checks but if that's the case it could be a packaging issue...)

LDAP Group:
LDAP Sudo Role: