Bug 810

Summary: Defaults for Cmnd_Alias not associated with a User_Alias cannot be translated into LDAP
Product: Sudo
Component: Sudo
Status: NEW
Severity: enhancement
Priority: low
Version: 1.8.21
Hardware: All
OS: Other
Reporter: Daniele Palumbo <daniele>
Assignee: Todd C. Miller <Todd.Miller>
CC: daniele
See Also: https://bugzilla.sudo.ws/show_bug.cgi?id=811

Description Daniele Palumbo 2017-12-06 16:21:04 MST
Currently it is not possible to translate the following into LDAP:

https://www.sudo.ws/man/1.8.21/sudoers.man.html#EXAMPLES
"Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
Defaults!PAGERS noexec"

According to Todd, this limitation exists because that sudoRole will never match a query, because there is no sudoUser in it.

The current limitation is that there is no way to specify per-command options in
sudoers LDAP.  The options are either global or specific to a given
sudoRole.

In order to have full capability of Sudo over LDAP, this limitation should be removed.
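
The two option scopes the report describes, written out as sudoers LDAP entries. This is an added illustration, not part of the original report or the sudo documentation; the base DN, the role name pagers_noexec, the group operators and the env_reset option are constructed placeholders.

```ldif
# Constructed example: dc=example,dc=com and all entry names are placeholders.

# Scope 1: global options. sudoOption values on cn=defaults apply to every
# sudoRole, so noexec here would affect all commands, not only the pagers.
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: env_reset

# Scope 2: options on a single sudoRole. noexec takes effect only when this
# role matches, and a role without sudoUser never matches a query, so the
# option is bound to a user or group rather than to the commands themselves.
# sudoers can express the same restriction once, for any user:
#   Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
#   Defaults!PAGERS noexec
dn: cn=pagers_noexec,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: pagers_noexec
sudoUser: %operators
sudoHost: ALL
sudoCommand: /usr/bin/more
sudoCommand: /usr/bin/pg
sudoCommand: /usr/bin/less
sudoOption: noexec
```

When reviewing a sudoers-to-LDAP migration, check that every `Defaults!` line in the old file has a role-level `sudoOption` in each sudoRole that grants those commands, since a dropped `noexec` leaves the pagers able to spawn other programs.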