
HP-UX sudo and LDAP

 
Eric Freeman_1
Occasional Contributor

HP-UX sudo and LDAP

We are running LDAPUX B.04.00, on HP-UX B.11.11. We are authenticating against LDAP without any issues. I want to point sudo v1.70 to authenticate against ldap. According to the sudo documentation I need to add the following lines to ldap.conf.

What file on HPUX do I add this to? I don't believe it is /etc/ldap.conf.


uri ldap://ldapserver
bind_timelimit 30
timelimit 30
sudoers_base ou=SUDOers,dc=example,dc=com

I have added the following lines to my /etc/pam.conf and /etc/pam.ldap.trusted because we are running a trusted system.
sudo account sufficient /usr/lib/security/libpam_unix.1
sudo account required /usr/lib/security/libpam_ldap.1

I also added the following lines to my /etc/nsswitch.conf file

sudoers ldap files.

Any help would be appreciated.


Thank you
Johnson Punniyalingam
Honored Contributor

Re: HP-UX sudo and LDAP

Hi Eric,

Have you tried editing .? In HPUX, you can run the command

# visudo

example:-

# sudo lsof

Thanks,
Johnson

Problems are common to all, but attitude makes the difference
Armin Kunaschik
Esteemed Contributor

Re: HP-UX sudo and LDAP

Do you want to let sudo connect to LDAP directly or do you want to use PAM for that?
If PAM is working, sudo should work too automagically.
For direct connection check http://www.sudo.ws/sudo/readme_ldap.html

BTW: sudoers is an invalid option in nsswitch.conf (see man nsswitch.conf)!

My 2 cents,
Armin

PS: Assign points if you find answers useful!
And now for something completely different...
Eric Freeman_1
Occasional Contributor

Re: HP-UX sudo and LDAP

Sorry, I may not have been clear. I don't see sudo talking to my LDAP server. I modified the /usr/local/etc/openldap/ldap.conf file.

I need to put the sudoers base and ldap host somewhere. I am not sure where to put this information.
Eric Freeman_1
Occasional Contributor

Re: HP-UX sudo and LDAP

I need to compile sudo with LDAP. I thought the depot was configured with LDAP support, but it was just configured with PAM.
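The thread ends on the real cause: a sudo built only with PAM never reads an ldap.conf, so a sudoers_base placed anywhere is silently ignored. The following is an added example (not code from the thread or from the sudo project) of two checks to run before relying on LDAP sudoers: it assumes that a sudo built with LDAP support names its config file in an "ldap.conf path:" line of `sudo -V` output (run as root), and it treats `uri`/`host` plus `sudoers_base` as the required directives from sudo's LDAP readme.

```shell
#!/bin/sh
# Added example, not from the thread or the sudo project.
# Check 1: does this sudo binary have LDAP support at all, and which file does it read?
# Assumption: `sudo -V` (as root) prints "ldap.conf path: <file>" for an LDAP build;
# a PAM-only build prints no such line and the function returns non-zero.
sudo_ldap_conf_path() {
    sudo -V 2>/dev/null | sed -n 's/^ldap\.conf path:[[:space:]]*//p' | head -n 1 | grep .
}

# Value of directive $2 in ldap.conf $1 (first match; '#' comment lines never match).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" "$1" | head -n 1
}

# Check 2: does the ldap.conf $1 carry what sudo needs to find sudoers entries?
# Prints each missing item; returns 0 only when nothing is missing.
check_sudo_ldap_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    if [ -z "$(conf_value "$conf" uri)" ] && [ -z "$(conf_value "$conf" host)" ]; then
        echo "missing: uri or host (LDAP server to contact)"
        rc=1
    fi
    base=$(conf_value "$conf" sudoers_base)
    case $base in
        *=*) ;;   # looks like a DN, e.g. ou=SUDOers,dc=example,dc=com
        *)   echo "missing or malformed: sudoers_base (got '$base')"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample (the directives quoted in the question), written to file $1.
write_sample_conf() {
    printf '%s\n' '# constructed sample ldap.conf' \
        'uri ldap://ldapserver' 'bind_timelimit 30' 'timelimit 30' \
        'sudoers_base ou=SUDOers,dc=example,dc=com' > "$1"
}
```

On the affected host, run `check_sudo_ldap_conf "$(sudo_ldap_conf_path)"`: a failure of the inner call means sudo has no LDAP support and the file contents are irrelevant until sudo is rebuilt with it.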