Bug 151

Summary: Request for fallback capability within LDAP support
Product: Sudo
Component: Sudo
Version: 1.6.8
Hardware: All
OS: All
Status: RESOLVED FIXED
Severity: normal
Priority: normal
Reporter: Tim Kirby <trk>
Assignee: Todd C. Miller <Todd.Miller>
CC: Todd.Miller

Description Tim Kirby 2004-10-06 18:01:17 MDT
Per a recent email exchange with Aaron Spangler, who asked me to enter this
faintly feature-request-ish bug; I'd assign it to him if I knew the account he is
in bugzilla under...

In the event of LDAP being inaccessible for whatever reason, there would be value
in having some form of backup capability within sudo - a timeout, perhaps - after
which sudo may look for a local sudoers file and use that. Of course, if the code
to make it work with nsswitch.conf were in place, then perhaps that would work
as well (e.g. "sudo: ldap files" in nsswitch.conf) though the failover might not be
what is desired by all... it probably needs to be optional behavior, at least as a
compile time option if not a run time configuration option, as someone is bound
to object one way or the other...

Comment 1 Todd C. Miller 2007-12-30 12:11:01 MST
Reassigning to me.  Will be resolved once the nsswitch.conf support is up to snuff.

Comment 2 Todd C. Miller 2008-01-06 11:57:47 MST
nsswitch.conf support is present in sudo 1.7b1, released today.  Additionally, multiple LDAP servers can be specified along with a connection timeout.