{"id":452,"date":"2013-05-09T12:27:24","date_gmt":"2013-05-09T11:27:24","guid":{"rendered":"http:\/\/blog.thogersens.net\/?p=452"},"modified":"2013-05-09T12:27:24","modified_gmt":"2013-05-09T11:27:24","slug":"enable-ldap-sudoers-on-client","status":"publish","type":"post","link":"https:\/\/jakobsens.net\/?p=452","title":{"rendered":"Enable LDAP SUDOers on client"},"content":{"rendered":"<p>Copied from <a title=\"Reload this Page\" href=\"http:\/\/ubuntuforums.org\/showthread.php?t=1421998\">HOW TO: Configure LDAP for SUDO Support on Ubuntu Server 9.10 (Karmic Koala)<\/a><br \/>\nWith some additional text by me; works on Ubuntu 13.04<\/p>\n<p><b>1.) <\/b>Install LDAP Client Configuration<\/p>\n<div style=\"padding-left: 30px;\"><b>I. <\/b>Get LibNSS-LDAP package<br \/>\n<span style=\"color: seagreen;\"><b>TIP! <\/b><\/span>Have your LDAP IP, Base Name, Admin Account and Admin Password handy before executing this command.<\/div>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">sudo apt-get install libnss-ldap<\/pre>\n<\/div>\n<p>&#8230;an ncurses-based setup screen will ask you for information about your LDAP setup<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<div style=\"padding-left: 30px;\">\n<p><b>II.<\/b> Enable LDAP Support in PAM system<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">sudo auth-client-config -t nss -p lac_ldap<\/pre>\n<\/div>\n<p><b>III.<\/b> Verify PAM based LDAP Support<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">sudo pam-auth-update<\/pre>\n<\/div>\n<\/div>\n<p><b>NOTE:<\/b> Skip Step 2 for installation on the LDAP server as we already did this above!<br \/>\n<b>2.) <\/b>Install sudo-ldap package<\/p>\n<div style=\"padding-left: 30px;\">\n<p><b>I. 
<\/b>You will need to drop fully into root mode for this part!<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">sudo su<\/pre>\n<\/div>\n<p><b>II.<\/b> Turn off SUDO safety switch<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">export SUDO_FORCE_REMOVE=yes<\/pre>\n<\/div>\n<p><b>III.<\/b> Get package<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">apt-get install sudo-ldap<\/pre>\n<\/div>\n<p><b>IV.<\/b> Turn on SUDO Safety switch<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">export SUDO_FORCE_REMOVE=no<\/pre>\n<\/div>\n<p><b>V.<\/b> Drop back to user-land mode<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">exit<\/pre>\n<\/div>\n<\/div>\n<p><b>3.) <\/b>Manually setup sudo redirection from \/etc\/sudoers to LDAP directory<\/p>\n<div style=\"padding-left: 30px;\"><b>I. 
<\/b>Add support for sudo extensions in \/etc\/ldap.conf<br \/>\n<b><span style=\"color: red;\">WARNING: <\/span><\/b>Take note of the double &#8220;&gt;&gt;&#8221; in the line; you do NOT want to accidentally blow out your file!<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\"># The append must run as root, so wrap it in a root shell (with plain \"sudo echo\" the &gt;&gt; is done by your unprivileged shell)\nsudo sh -c 'echo \"sudoers_base ou=SUDOers,dc=example,dc=com\" &gt;&gt; \/etc\/ldap.conf'<\/pre>\n<\/div>\n<p><b>II.<\/b> Symbolically link Sudo Ldap Config file to main LDAP config file<br \/>\n<b>NOTE: <\/b>This is not obvious in ANY documentation I have reviewed; only support forums revealed this.<br \/>\nThis file (sudo-ldap.conf) may already exist, so check and rename it if so.<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">sudo ln -s \/etc\/ldap.conf \/etc\/sudo-ldap.conf<\/pre>\n<\/div>\n<p><b>III. <\/b>Add support for sudo \/ ldap communication in NS Switch configuration<br \/>\n<b><span style=\"color: red;\">WARNING: <\/span><\/b>Take note of the double &#8220;&gt;&gt;&#8221; in the line; you do NOT want to accidentally blow out your file!<\/p>\n<\/div>\n<div style=\"padding-left: 30px;\">\n<p>The line below might already be in the file (nsswitch.conf), so check and only run this if it is not. On my system it was already there.<\/p>\n<div style=\"padding-left: 30px;\">\n<div style=\"padding-left: 30px;\">Code:<\/div>\n<pre style=\"padding-left: 30px;\">sudo sh -c 'echo \"sudoers: ldap\" &gt;&gt; \/etc\/nsswitch.conf'<\/pre>\n<\/div>\n<\/div>\n<p>So good luck \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Copied from HOW TO: Configure LDAP for SUDO Support on Ubuntu Server 9.10 (Karmic Koala) With some additional text by me; works on Ubuntu 13.04 1.) Install LDAP Client Configuration I. Get LibNSS-LDAP package TIP! Have your LDAP IP, Base Name, Admin Account and Admin Password handy before executing this command. 
Code: sudo apt-get [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-452","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts\/452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=452"}],"version-history":[{"count":5,"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts\/452\/revisions"}],"predecessor-version":[{"id":457,"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts\/452\/revisions\/457"}],"wp:attachment":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}