April 14th, 2008

Lord Yupa

LDAP + sudo == sysadmin happiness

Using the latest release of sudo, I was finally able to get sudo working with LDAP enabled on RHEL/CentOS 4. Previously, I had no trouble getting sudo working with LDAP on RHEL3 and RHEL5. However, when I added '--with-ldap' to the compile options on RHEL4, it completely broke sudo, preventing it from authenticating anything.

This is a huge win for us at work, because it makes handling sudo configurations significantly easier. Normally, you have to store the configuration in /etc/sudoers on every single box. With this, you can store your sudo configuration in LDAP, and have all of the sudo rules in a single centralized location. Update it once, and all configured machines will then pull it.
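To make the centralized setup concrete, here is an added example (not from the original post or from the sudo project) that converts one simple /etc/sudoers rule into a `sudoRole` LDIF entry of the kind sudo reads from LDAP. The base DN, role name and sample rule are assumptions, and only the plain `user host = [NOPASSWD:] commands` form is handled; anything else is rejected rather than converted loosely.

```python
import re

# Assumed container DN (constructed); use your directory's own sudoers base.
SUDO_BASE = "ou=SUDOers,dc=example,dc=com"

# Simple user specs only: "user host = [NOPASSWD:] /cmd[, /cmd ...]"
SPEC = re.compile(
    r"^(?P<user>[^\s=#]+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?P<nopasswd>NOPASSWD:\s*)?(?P<cmds>.+)$"
)

def sudoers_to_ldif(line, cn):
    """Convert one simple sudoers rule into a sudoRole LDIF entry.

    Raises ValueError for anything outside the simple form (aliases,
    Defaults, Runas specs, other tags) so no rule is silently altered
    on its way into the directory.
    """
    m = SPEC.match(line.strip())
    if not m or m["user"] == "Defaults" or m["user"].endswith("_Alias"):
        raise ValueError(f"unsupported sudoers line: {line!r}")
    # Naive comma split: escaped commas inside arguments are not handled.
    cmds = [c.strip() for c in m["cmds"].split(",")]
    for c in cmds:
        if not (c == "ALL" or c.startswith("/") or c.startswith("!/")):
            raise ValueError(f"unsupported command spec: {c!r}")
    out = [
        f"dn: cn={cn},{SUDO_BASE}",
        "objectClass: top",
        "objectClass: sudoRole",
        f"cn: {cn}",
        f"sudoUser: {m['user']}",
        f"sudoHost: {m['host']}",
    ]
    out += [f"sudoCommand: {c}" for c in cmds]
    if m["nopasswd"]:
        # NOPASSWD: is expressed in LDAP as the negated authenticate option.
        out.append("sudoOption: !authenticate")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Constructed sample rule, not taken from the post.
    rule = "%wheel ALL = NOPASSWD: /sbin/service, /usr/bin/yum"
    print(sudoers_to_ldif(rule, "wheel_ops"))
```

Because every host pulls its rules from this one subtree, write access to it is equivalent to root on all of those machines, so the directory ACLs on the sudoers container deserve the same care /etc/sudoers permissions did.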

I've become a big fan of LDAP, and with sudo supporting it, I think that anyone using LDAP and not storing sudo information in LDAP is crazy.