Bug 196 - LDAP nisNetgroupTripple Syntax too strict?
Status: RESOLVED INVALID
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.6.8
Hardware: PC Linux
Importance: normal normal
Assigned To: Todd C. Miller
Reported: 2005-10-27 14:30 MDT by asher feldman
Modified: 2008-06-11 09:40 MDT

Description asher feldman 2005-10-27 14:30:07 MDT
Sudo would not accept netgroups in LDAP when a dash was present for the
domainname attribute.

nisNetgroupTripple: (-,user,-)

We had to change this to:

nisNetgroupTripple: (-,user,)

For all entries.  I'd like to think this shouldn't matter :)
Comment 1 Todd C. Miller 2007-07-05 15:42:04 MDT
Unless netgroups in LDAP are different from NIS I don't think this is a bug in sudo per se.  A '-' in the domain portion of the netgroup will preclude sudo from matching that entry as sudo uses the machine's NIS domain, if set, when matching.  I'm surprised that a '-' for the host portion of the tuple works though since I would expect that to prevent a match as well.
Comment 2 Todd C. Miller 2008-06-11 09:40:09 MDT
Not a sudo bug.
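
The matching rule Comment 1 describes, as an added example (not sudo's code and not part of the original thread): a simplified model of innetgr()-style triple matching, where an empty triple field or a NULL query value acts as a wildcard and anything else is compared literally. The function names, the NIS domain `example.nis`, the host `web01` and the choice to pass the host as NULL are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

struct triple { char host[64], user[64], domain[64]; }; /* (host,user,domain) */

/* Copy one field up to delim, trimming spaces; return pointer past delim or NULL. */
static const char *take_field(const char *p, char delim, char *out, size_t outsz)
{
    size_t n = 0;
    while (*p == ' ') p++;
    while (*p && *p != delim) {
        if (n + 1 >= outsz) return NULL;      /* field too long for buffer */
        out[n++] = *p++;
    }
    while (n > 0 && out[n - 1] == ' ') n--;
    out[n] = '\0';
    return *p == delim ? p + 1 : NULL;
}

/* Parse "(host,user,domain)"; returns 0 on success, -1 on malformed input. */
int parse_triple(const char *s, struct triple *t)
{
    if (s == NULL || *s != '(') return -1;
    s = take_field(s + 1, ',', t->host, sizeof t->host);
    if (s) s = take_field(s, ',', t->user, sizeof t->user);
    if (s) s = take_field(s, ')', t->domain, sizeof t->domain);
    return (s && *s == '\0') ? 0 : -1;
}

/* Empty field or NULL query = wildcard. "-" is not special: it never equals a real name. */
static int field_ok(const char *field, const char *query)
{
    return field[0] == '\0' || query == NULL || strcmp(field, query) == 0;
}

/* Returns 1 on match, 0 on no match, -1 if the triple cannot be parsed. */
int triple_matches(const char *raw, const char *host, const char *user, const char *domain)
{
    struct triple t;
    if (parse_triple(raw, &t) != 0) return -1;
    return field_ok(t.host, host) && field_ok(t.user, user) && field_ok(t.domain, domain);
}

int main(void)
{
    /* Constructed query: user "user", NIS domain "example.nis", host not checked (NULL). */
    printf("(-,user,-) -> %d\n", triple_matches("(-,user,-)", NULL, "user", "example.nis"));
    printf("(-,user,)  -> %d\n", triple_matches("(-,user,)", NULL, "user", "example.nis"));
    return 0;
}
```

With a NIS domain set, `(-,user,-)` fails on the domain field while `(-,user,)` matches; with no domain set (NULL) both match, and a '-' host blocks the match only when a host is actually passed in.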