Date: Sun, 11 Jun 2006 00:27:03 -0700 From: Michael Haro <mharo@FreeBSD.org> To: Tom Judge <tom@tomjudge.com> Cc: ports@FreeBSD.org Subject: Re: FreeBSD Port: sudo-1.6.8.12_1 Message-ID: <20060611072703.GB29363@bitsurf.net> In-Reply-To: <4489331B.8060907@tomjudge.com> References: <4489331B.8060907@tomjudge.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This seems like something that would be useful (as an option to configure)
to sudo in general and not specific to FreeBSD. Have you tried contacting
the sudo project?
Michael
On Fri, Jun 09, 2006 at 09:36:43AM +0100, Tom Judge wrote:
> Hi,
>
> Sorry I forgot to attach the patch to the last email.
>
> I have created a small patch for sudo that allows it to do an LDAP sub
> tree search for the sudoers entries, which in turn allows you to
> categorize sudo rights within the LDAP tree. Would it be possible to
> get this added to the sudo port?
>
> Regards
>
> Tom J
>
>
> --- ldap.c.orig Fri Jun 9 09:14:24 2006
> +++ ldap.c Fri Jun 9 09:17:55 2006
> @@ -833,7 +833,7 @@
>
> /* Parse Default Options */
>
> - rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_ONELEVEL,
> + rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_SUBTREE,
> "cn=defaults",NULL,0,&result);
> if (!rc && (entry=ldap_first_entry(ld,result))){
> if (ldap_conf.debug) printf("found:%s\n",ldap_get_dn(ld,entry));
> @@ -871,7 +871,7 @@
> filt=strdup("sudoUser=+*");
> }
> if (ldap_conf.debug) printf("ldap search '%s'\n",filt);
> - rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_ONELEVEL,
> + rc=ldap_search_s(ld,ldap_conf.base,LDAP_SCOPE_SUBTREE,
> filt,NULL,0,&result);
> if (rc) {
> if (ldap_conf.debug) printf("nothing found for '%s'\n",filt);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060611072703.GB29363>