Bug 571 - Non-Unix group plugin should be supported by LDAP sudoUser object
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudoers
Version: 1.8.6
Hardware: All All
Importance: low enhancement
Assigned To: Todd C. Miller
Reported: 2012-09-13 14:41 MDT by Todd C. Miller
Modified: 2013-09-03 15:14 MDT (History)
Description Todd C. Miller 2012-09-13 14:41:53 MDT
Unlike normal Unix groups, it is generally not possible to enumerate all of a user's non-Unix groups.  This makes it impossible to build a standard LDAP query that will return all sudoRole objects that match the user's non-Unix groups.  Instead, the netgroup query could be extended to collect all sudoRoles where the sudoUser matches ":%*".
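The two-query approach described above, as an added sketch that is not part of the bug report and is not sudo's own code. It assumes non-Unix group entries are stored in sudoers notation as `%:name`; the sample roles, the membership table and all function names are constructed for illustration.

```python
def ldap_escape(value):
    """Escape a string for use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def pass1_filter(user, unix_groups):
    """Exact-match query: possible because Unix groups can be enumerated."""
    terms = ['(sudoUser=%s)' % ldap_escape(user)]
    terms += ['(sudoUser=%%%s)' % ldap_escape(g) for g in unix_groups]
    terms.append('(sudoUser=ALL)')
    return '(&(objectClass=sudoRole)(|%s))' % ''.join(terms)


def pass2_filter():
    """Wildcard query: fetch every netgroup (+name) and non-Unix group
    (%:name) sudoRole, since membership cannot be put into the filter."""
    return '(&(objectClass=sudoRole)(|(sudoUser=+*)(sudoUser=%:*)))'


def match_pass2(user, roles, in_netgroup, in_nonunix_group):
    """Decide client-side which pass-2 roles apply to the user."""
    matched = []
    for role in roles:
        for value in role['sudoUser']:
            if value.startswith('%:'):
                hit = in_nonunix_group(user, value[2:])
            elif value.startswith('+'):
                hit = in_netgroup(user, value[1:])
            else:
                hit = False
            if hit:
                matched.append(role['cn'])
                break
    return matched


# Constructed sample data: roles as a pass-2 search might return them.
SAMPLE_ROLES = [
    {'cn': 'ad-dbas', 'sudoUser': ['%:dba-team']},
    {'cn': 'ad-ops', 'sudoUser': ['%:ops-team']},
    {'cn': 'ng-web', 'sudoUser': ['+webadmins']},
]
# Hypothetical membership oracle standing in for a group plugin.
NONUNIX_MEMBERS = {'dba-team': {'alice'}, 'ops-team': {'bob'}}


def demo(user):
    return match_pass2(
        user, SAMPLE_ROLES,
        in_netgroup=lambda u, ng: False,
        in_nonunix_group=lambda u, g: u in NONUNIX_MEMBERS.get(g, set()))
```

Because the second query returns every such role regardless of user, the authorization decision rests entirely on the client-side membership check, so a lookup that fails should be treated as no match.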
Comment 1 Todd C. Miller 2012-09-17 09:27:28 MDT
This will be part of sudo 1.8.7.
Comment 2 Todd C. Miller 2013-09-03 15:14:07 MDT
Fixed in 1.8.7