|
version 1.1.1.3, 2013/10/14 07:56:34
|
version 1.1.1.4, 2014/06/15 16:12:54
|
|
Line 1
|
Line 1
|
| .\" |
.\" |
| .\" Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com> | .\" Copyright (c) 2003-2014 Todd C. Miller <Todd.Miller@courtesan.com> |
| .\" |
.\" |
| .\" Permission to use, copy, modify, and distribute this software for any |
.\" Permission to use, copy, modify, and distribute this software for any |
| .\" purpose with or without fee is hereby granted, provided that the above |
.\" purpose with or without fee is hereby granted, provided that the above |
|
Line 14
|
Line 14
|
| .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
.\" |
| .Dd August 30, 2013 | .Dd February 7, 2014 |
| .Dt SUDOERS.LDAP @mansectsu@ |
.Dt SUDOERS.LDAP @mansectsu@ |
| .Os Sudo @PACKAGE_VERSION@ |
.Os Sudo @PACKAGE_VERSION@ |
| .Sh NAME |
.Sh NAME |
|
Line 76 is no need for a specialized tool to check syntax.
|
Line 76 is no need for a specialized tool to check syntax.
|
| Another major difference between LDAP and file-based |
Another major difference between LDAP and file-based |
| .Em sudoers |
.Em sudoers |
| is that in LDAP, |
is that in LDAP, |
| .Nm sudo Ns No -specific | .Nm sudo Ns -specific |
| Aliases are not supported. |
Aliases are not supported. |
| .Pp |
.Pp |
| For the most part, there is really no need for |
For the most part, there is really no need for |
| .Nm sudo Ns No -specific | .Nm sudo Ns -specific |
| Aliases. |
Aliases. |
| Unix groups, non-Unix groups (via the |
Unix groups, non-Unix groups (via the |
| .Em group_plugin ) |
.Em group_plugin ) |
| or user netgroups can be used in place of User_Aliases and Runas_Aliases. |
or user netgroups can be used in place of User_Aliases and Runas_Aliases. |
| Host netgroups can be used in place of Host_Aliases. |
Host netgroups can be used in place of Host_Aliases. |
| Since groups and netgroups can also be stored in LDAP there is no real need for |
Since groups and netgroups can also be stored in LDAP there is no real need for |
| .Nm sudo Ns No -specific | .Nm sudo Ns -specific |
| aliases. |
aliases. |
| .Pp |
.Pp |
| Cmnd_Aliases are not really required either since it is possible |
Cmnd_Aliases are not really required either since it is possible |
|
Line 421 sudoHost: !web01
|
Line 421 sudoHost: !web01
|
| .Ed |
.Ed |
| .Ss Sudoers schema |
.Ss Sudoers schema |
| In order to use |
In order to use |
| .Nm sudo Ns No 's | .Nm sudo Ns 's |
| LDAP support, the |
LDAP support, the |
| .Nm sudo |
.Nm sudo |
| schema must be |
schema must be |
|
Line 451 Sudo reads the
|
Line 451 Sudo reads the
|
| file for LDAP-specific configuration. |
file for LDAP-specific configuration. |
| Typically, this file is shared between different LDAP-aware clients. |
Typically, this file is shared between different LDAP-aware clients. |
| As such, most of the settings are not |
As such, most of the settings are not |
| .Nm sudo Ns No -specific. | .Nm sudo Ns -specific. |
| Note that |
Note that |
| .Nm sudo |
.Nm sudo |
| parses |
parses |
|
Line 564 The
|
Line 564 The
|
| parameter specifies the amount of time, in seconds, to wait while trying |
parameter specifies the amount of time, in seconds, to wait while trying |
| to connect to an LDAP server. |
to connect to an LDAP server. |
| If multiple |
If multiple |
| .Sy URI Ns No s | .Sy URI Ns s |
| or |
or |
| .Sy HOST Ns No s | .Sy HOST Ns s |
| are specified, this is the amount of time to wait before trying |
are specified, this is the amount of time to wait before trying |
| the next one in the list. |
the next one in the list. |
| .It Sy NETWORK_TIMEOUT Ar seconds |
.It Sy NETWORK_TIMEOUT Ar seconds |
|
Line 604 form
|
Line 604 form
|
| .Li attribute=value |
.Li attribute=value |
| or |
or |
| .Li (&(attribute=value)(attribute2=value2)) . |
.Li (&(attribute=value)(attribute2=value2)) . |
| |
The default search filter is: |
| |
.Li objectClass=sudoRole . |
| |
If |
| |
.Ar ldap_filter |
| |
is omitted, no search filter will be used. |
| .It Sy SUDOERS_TIMED Ar on/true/yes/off/false/no |
.It Sy SUDOERS_TIMED Ar on/true/yes/off/false/no |
| Whether or not to evaluate the |
Whether or not to evaluate the |
| .Li sudoNotBefore |
.Li sudoNotBefore |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoers.ldap.mdoc.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc