Bug 971013 - sudo and nss_ldap use different ldap.conf
sudo and nss_ldap use different ldap.conf
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sudo (Show other bugs)
Unspecified Unspecified
low Severity medium
: beta
: ---
Assigned To: Daniel Kopeček
Eduard Benes
: Regression
Depends On: 652687
Blocks: 652726 702098 878439
  Show dependency treegraph
Reported: 2013-06-05 09:14 EDT by Aleš Mareček
Modified: 2014-06-13 05:56 EDT (History)
5 users (show)

See Also:
Fixed In Version: sudo-1.8.6p7-3.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 652687
Last Closed: 2014-06-13 05:56:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Aleš Mareček 2013-06-05 09:14:43 EDT
+++ This bug was initially created as a clone of Bug #652687 +++

Description of problem:
When configuring a system for ldap lookups in PAM, sudo requires admin to have both /etc/ldap.conf and /etc/nss_ldap.conf

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure system for ldap auth via nss_ldap (/etc/nss_ldap.conf)
2. Attempt to use sudo (fail)
3. cat /etc/nss_ldap.conf > /etc/ldap.conf
4. attempt to use sudo (win)
Actual results:
nss_ldap and sudo use different ldap config files

in 1st shell
$ sudo -i
# ps -ef | grep <username>
# strace -o /tmp/strace.out -f -s99 -p <pid-of-bash>

in 2nd shell
$ sudo uptime

in 1st shell
CTRL-C to detach strace, then
review /tmp/strace.out:
# egrep 'ldap\.conf' /tmp/strace.out

Expected results:
nss_ldap and sudo should use same ldap configuration
(either /etc/nss_ldap.conf OR /etc/ldap.conf, but not both)

Additional info:

With %build of the spec file for sudo-1.7.4p4,
configure specifies "--with-ldap" but 
does not specify "--with-ldap-conf-file" 
to be consistent with nss_ldap.

The outcome is a single ldap configuration must exist in two places:
/etc/ldap.conf for sudo
/etc/nss_ldap.conf for nss_ldap
Comment 5 Ludek Smid 2014-06-13 05:56:29 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.