sudoers file with groups in LDAP

Hello gurus,

I've been working on a sudoers file to work with groups in LDAP. I've created the groups in LDAP and added the users to their respective groups. I've also set up my sudoers file to have the groups match what is in LDAP. And I've added ldap to nsswitch.conf in the group line. The problem is that when a user tries to sudo to a user within their group(s) it errors out saying the user is not in the sudoers file. Also, when I do 'id -a username' it will show the uid, the gid and the group. Has anyone done this before, and if so, what am I missing?

Thanks,

==============================

nsswitch.conf
group: files nis ldap

sample of my sudoers file
##################
# User alias specification #
##################

User_Alias SYSADMIN=%sysadmin
User_Alias DBADMIN=%dba

##################
#Cmnd alias specification#
##################

#GID 14 SYSADMIN is for System Administrators who require ROOT access
# !!!NOTE - THIS GROUP GIVES ROOT ACCESS ON ALL SYSTEMS!!!!
Cmnd_Alias ROOTSHELLS =\
/bin/su -, \
/bin/sh, \
/bin/csh, \
/bin/bash, \
/usr/bin/bash, \
/bin/ksh

#GID 101 DBADMIN is used primarily for the DBA group
Cmnd_Alias DB_ADMIN=\
/bin/su - , \
/bin/sh , \
/bin/csh , \
/bin/su - oracle, \
/bin/kill ?, \
/bin/rm -i ?

#####################
# User privilege specification #
#####################

root ALL=(ALL) ALL
SYSADMIN ALL_SERVERS = NOPASSWD:ROOTSHELLS
DBADMIN ALL_SERVERS = DB_ADMIN

We do this all the time but we don't use NIS, just LDAP. I have noticed some language at Sun's site that the two don't mix. Only one I can find right now: passwd(1) - change login password and password attributes (man pages section 1: User Commands) - Sun Microsystems

Our passwd line looks like so:

passwd: files nis compat

The weird part about this is that I was testing this on our DR servers and it worked fine. I also had a user test this from a different group and it worked fine as well. But when I attempt to do this on a prod server, I get the error, user abc is not in sudoers....

And our DR servers are set up exactly the same as our prod servers.

Same OS version and patch levels?

Yep. All the same.

Then I'm stumped. But I bet it will work if you drop NIS.

Yeah... I think I got it figured out. I'm going to play around with it some more and I'll post my results after I test it IF it's successful. But thanks for your help perderabo!
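An added example, not part of the thread and not the poster's fix (the thread does not say what that was): one check to run on both DR and prod with a `group: files nis ldap` line is which source actually answers for each `%group` name that sudoers references. The script models only lookup by name, where the first source holding an entry wins; the group entries, the user `abc` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: models lookup of a group *name* through an nsswitch
# "group:" line. The first source holding an entry answers, so a same-named
# entry earlier in the order hides the LDAP one. All data is constructed.

# Constructed per-source entries, "source:" + /etc/group style fields.
SAMPLE_GROUPS='files:root::0:root
nis:sysadmin::14:olduser
ldap:sysadmin::14:abc,def
ldap:dba::101:abc'

# Constructed copy of the User_Alias lines from the sudoers sample.
SUDOERS_SAMPLE='User_Alias SYSADMIN=%sysadmin
User_Alias DBADMIN=%dba'

# resolve_group ORDER NAME: print "source gid members" of the winning entry.
resolve_group() {
    for src in $1; do
        hit=$(printf '%s\n' "$SAMPLE_GROUPS" |
            awk -F: -v s="$src" -v g="$2" \
                '$1 == s && $2 == g { print $1, $4, $5; exit }')
        [ -n "$hit" ] && { printf '%s\n' "$hit"; return 0; }
    done
    return 1
}

# sudoers_groups: print the %group names used in User_Alias lines on stdin.
sudoers_groups() {
    awk '/^User_Alias/ {
        n = split($0, f, /[=, \t]+/)
        for (i = 1; i <= n; i++) if (f[i] ~ /^%/) print substr(f[i], 2)
    }'
}

# check_user ORDER USER NAME: is USER listed in the entry that wins for NAME?
check_user() {
    entry=$(resolve_group "$1" "$3") || { echo "missing"; return 0; }
    case ",${entry##* }," in
        *",$2,"*) echo "member via ${entry%% *}" ;;
        *)        echo "not a member via ${entry%% *}" ;;
    esac
}

for g in $(printf '%s\n' "$SUDOERS_SAMPLE" | sudoers_groups); do
    printf '%-10s %s\n' "$g" "$(check_user 'files nis ldap' abc "$g")"
done
```

On a live host the equivalent comparison is the output of `getent group sysadmin` (what the switch returns) against the same group's entry in LDAP itself, done on a working DR server and on the failing prod server.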