bluethundr wrote:
> I have created a symlink from /etc/openldap/ldap.conf to
> /etc/ldap.conf... that seems to have gotten the majority of the system

This is a RHEL-based Linux system, right? If so, you don't want to do that. They serve two completely different services. /etc/openldap/ldap.conf is used by the LDAP client command-line tools (ldapsearch, ldapadd, etc.). And I've confirmed that it's used by the name service switch, too. I don't think that last part is documented anywhere. /etc/ldap.conf is for the pam_ldap module. If adding that symlink fixed your problem, I think there's something else wrong with your system.

> communicating with PAM/LDAP. I guess that making a .ldaprc file in the
> user's home directory and putting those directives in there would be
> about the equivalent.
>
> The only thing eluding me currently is getting the client to listen to
> sudoers, which is currently working thru LDAP on the LDAP server
> itself.
>
> [r...@vircent03:~]#cat /etc/pam.d/sudo
> #%PAM-1.0
> auth       include      system-auth
> auth       required     pam_ldap.so
> account    include      system-auth
> account    required     pam_ldap.so
> password   include      system-auth
> password   required     pam_ldap.so
> session    optional     pam_keyinit.so revoke
> session    required     pam_limits.so
> session    required     pam_ldap.so
>
>
> AFAIK the above should get pam_ldap communicating with the LDAP server
> on behalf of sudoers. The other PAM configs (such as sshd and su)
> appear to be getting their info from system-auth, which is
> currently communicating with the LDAP server.
>
> Does anyone have any tips on how to get sudoers working through PAM/LDAP?
>
> thanks!!
>
> On Mon, Nov 8, 2010 at 4:29 PM, Aaron Richton <[email protected]>
> wrote:
>> On Mon, 8 Nov 2010, bluethundr wrote:
>>
>>> [r...@vircent03:~]#cat /etc/openldap/ldap.conf
>> [...]
>>> TLS_CACERTDIR /etc/openldap/cacerts
>>> sudoers_base ou=sudoers,ou=Services,dc=acadaca,dc=net
>> I don't believe that "sudoers_base" is a recognized OpenLDAP configuration
>> directive. As such, this line may belong in a file other than
>> "/etc/openldap/ldap.conf" on your system.
>>
>>
>
>
-- 
Prentice
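An added example, written for this page and not taken from the thread, from OpenLDAP, sudo or nss_ldap/pam_ldap: a small POSIX shell check for the file layout the two replies above are arguing about. It assumes that sudo on the client was built to read /etc/ldap.conf for its `sudoers_base` setting, which was the RHEL 5-era default (later builds read /etc/sudo-ldap.conf instead; as root, `sudo -V` prints the path the binary was built with). The config contents written by `write_layout` are constructed for the example and are not the poster's real files; `check_sudo_ldap` flags the three things the thread turns on: a symlink between the two ldap.conf files, `sudoers_base` sitting in the OpenLDAP client file, and a missing `sudoers: files ldap` line in nsswitch.conf.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Assumption: sudo reads /etc/ldap.conf for sudoers_base (RHEL 5 default).
# All config contents below are constructed sample data.

# write_layout DIR MODE   (MODE is "broken" or "fixed")
# Writes openldap-ldap.conf, ldap.conf and nsswitch.conf under DIR.
write_layout() {
  dir=$1; mode=$2
  mkdir -p "$dir"
  # The OpenLDAP client file: only directives that ldap.conf(5) understands.
  printf 'URI ldap://ldap.example.net\nBASE dc=example,dc=net\nTLS_CACERTDIR /etc/openldap/cacerts\n' \
    > "$dir/openldap-ldap.conf"
  # The nss_ldap/pam_ldap file, which sudo also reads under the assumption above.
  printf 'uri ldap://ldap.example.net\nbase dc=example,dc=net\n' > "$dir/ldap.conf"
  printf 'passwd:  files ldap\ngroup:   files ldap\n' > "$dir/nsswitch.conf"
  if [ "$mode" = broken ]; then
    # The mistake from the thread: sudoers_base in the OpenLDAP client file.
    echo 'sudoers_base ou=sudoers,ou=Services,dc=example,dc=net' >> "$dir/openldap-ldap.conf"
  else
    echo 'sudoers_base ou=sudoers,ou=Services,dc=example,dc=net' >> "$dir/ldap.conf"
    echo 'sudoers: files ldap' >> "$dir/nsswitch.conf"
  fi
}

# check_sudo_ldap OPENLDAP_CONF LDAP_CONF NSSWITCH_CONF
# Prints each problem found; returns 0 only when the layout is right.
check_sudo_ldap() {
  openldap_conf=$1; ldap_conf=$2; nsswitch=$3; rc=0
  # Symlinking the two files merges two unrelated config grammars; flag it.
  if [ -L "$openldap_conf" ] || [ -L "$ldap_conf" ]; then
    echo "symlink: $openldap_conf and $ldap_conf must be separate files"; rc=1
  fi
  if grep -Eq '^[[:space:]]*sudoers_base' "$openldap_conf"; then
    echo "misplaced: sudoers_base in $openldap_conf (not an OpenLDAP directive)"; rc=1
  fi
  if ! grep -Eq '^[[:space:]]*sudoers_base' "$ldap_conf"; then
    echo "missing: sudoers_base in $ldap_conf (the file sudo reads)"; rc=1
  fi
  if ! grep -Eq '^[[:space:]]*sudoers:.*ldap' "$nsswitch"; then
    echo "missing: 'sudoers: files ldap' in $nsswitch"; rc=1
  fi
  return $rc
}

# Demo: run the check against a broken and a fixed sample layout.
main() {
  work=$(mktemp -d)
  write_layout "$work/broken" broken
  write_layout "$work/fixed" fixed
  echo "== broken layout (sudoers_base in the OpenLDAP client file) =="
  check_sudo_ldap "$work/broken/openldap-ldap.conf" "$work/broken/ldap.conf" \
    "$work/broken/nsswitch.conf" || echo "(needs fixing)"
  echo "== fixed layout =="
  check_sudo_ldap "$work/fixed/openldap-ldap.conf" "$work/fixed/ldap.conf" \
    "$work/fixed/nsswitch.conf" && echo "(ok)"
  rm -rf "$work"
}
main
```

To run it against a real client, call `check_sudo_ldap /etc/openldap/ldap.conf /etc/ldap.conf /etc/nsswitch.conf` instead of the sample directories; on a build that reads /etc/sudo-ldap.conf, pass that path as the second argument.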
