Bug 814

Summary: Cmnd_Alias not managed in LDAP template
Product: Sudo
Reporter: Daniele Palumbo <daniele>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: NEW ---    
Severity: enhancement    
Priority: low    
Version: 1.8.21   
Hardware: All   
OS: All   

Description Daniele Palumbo 2017-12-06 18:05:00 MST
From the LDAP manual:
https://www.sudo.ws/man/1.8.21/sudoers.ldap.man.html
"""
Cmnd_Aliases are not really required either since it is possible to have multiple users listed in a sudoRole. Instead of defining a Cmnd_Alias that is referenced by multiple users, one can create a sudoRole that contains the commands and assign multiple users to it.
"""

Anyway, in a large environment, the usage of Cmnd_Alias may keep changes over the LDAP tree small.
If one Cmnd_Alias is used by several templates, this may result in a huge LDIF modification.
It may also lead to some LDAP entries being left behind with the original set of commands.

The desideratum is to have Sudo able to parse Cmnd_Alias directives written into LDAP, as currently happens for the local sudoers file.
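
Added example (not part of the original report and not code from the sudo project): a Python sketch of the workaround the manual describes, flattening Cmnd_Alias definitions into `sudoCommand` values of `sudoRole` entries, and of the cost the report raises, by listing every entry that has to be rewritten after one alias changes. The alias names, role names and base DN are constructed for illustration.

```python
# Added illustration: alias names, role names and the base DN are constructed.
BASE_DN = "ou=SUDOers,dc=example,dc=com"  # assumed sudoers container

ALIASES = {  # what Cmnd_Alias definitions would look like in a local sudoers file
    "SERVICES": ["/usr/bin/systemctl restart nginx",
                 "/usr/bin/systemctl restart postfix"],
    "WEBOPS": ["SERVICES", "/usr/bin/journalctl -u nginx"],  # nested alias
}
ROLES = {
    "web-admins": {"users": ["%webadm"], "hosts": ["ALL"], "commands": ["WEBOPS"]},
    "mail-admins": {"users": ["%mailadm"], "hosts": ["ALL"], "commands": ["SERVICES"]},
    "backup": {"users": ["backup"], "hosts": ["ALL"], "commands": ["/usr/bin/rsync"]},
}

def expand(commands, aliases, seen=()):
    """Replace alias names with their commands, recursively, keeping order."""
    out = []
    for item in commands:
        if item not in aliases:
            out.append(item)
        elif item in seen:
            raise ValueError(f"alias cycle at {item}")
        else:
            out.extend(expand(aliases[item], aliases, seen + (item,)))
    return list(dict.fromkeys(out))  # drop duplicates, keep first occurrence

def role_ldif(name, role, aliases):
    """Render one sudoRole entry with every alias flattened into sudoCommand."""
    lines = [f"dn: cn={name},{BASE_DN}", "objectClass: top",
             "objectClass: sudoRole", f"cn: {name}"]
    lines += [f"sudoUser: {u}" for u in role["users"]]
    lines += [f"sudoHost: {h}" for h in role["hosts"]]
    lines += [f"sudoCommand: {c}" for c in expand(role["commands"], aliases)]
    return "\n".join(lines) + "\n"

def changed_roles(roles, old, new):
    """Names of the entries that must be rewritten after an alias edit."""
    return sorted(n for n, r in roles.items()
                  if role_ldif(n, r, old) != role_ldif(n, r, new))

if __name__ == "__main__":
    edited = dict(ALIASES, SERVICES=ALIASES["SERVICES"] + ["/usr/bin/systemctl reload nginx"])
    print(role_ldif("web-admins", ROLES["web-admins"], ALIASES))
    print("entries to modify:", changed_roles(ROLES, ALIASES, edited))
```

Comparing the output of `changed_roles` with the entries actually present in the directory is one way to spot a sudoRole that was left behind with the original set of commands.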