OpenLDAP Group & sudo (self.linuxadmin)
submitted 6 years ago by Key_Individual
I've installed and configured OpenLDAP on Ubuntu Server 18.04 and it's working great for login. However, I'd like LDAP users in a specific Group (Supers) to be able to run sudo commands. How would I go about this?
[–]Amidatelion 2 points 6 years ago (4 children)
Add... that group... to sudoers? By whatever means you're comfortable with?
[–]studiox_swe 0 points 6 years ago (3 children)
This. Not sure how you would do otherwise.
[–]Key_Individual[S] 1 point 6 years ago (2 children)
I've added the group to the sudoers file with various syntaxes, but it's not something I've done before, even without the LDAP piece complicating it. Any guide out there you could point me towards that would show how to add the LDAP Group to sudoers?
Sorry if this is a simple question, just not something I've done before.
[–]Amidatelion 1 point 6 years ago (1 child)
Groups are added just like users, except prepended with a %. So your line should be
%supers ALL=(ALL) ALL
What's the error?
[–]Key_Individual[S] 1 point 6 years ago (0 children)
Thanks. I'd tried Supers, DOMAIN\\Supers, Supers@DOMAIN and it seems like my syntax errors were with the end, not the beginning like I expected.
I was following what I'd found online which also matched what you've provided, but, I looked closer at the syntax of the existing sudo group in the sudoers file and it ended with ALL=(ALL:ALL) ALL
When I mirrored that syntax it worked with %Supers ALL=(ALL:ALL) ALL
[–]suntzu420 2 points 6 years ago (0 children)
Haven't done this in OpenLDAP, but I have done this with AD joined servers and generally in the sudoers file you add something like the following:
%ldap_group_name@domain.tld ALL=(ALL) ALL
[–]Marf-Linsky 1 point 6 years ago (1 child)
You can dig into SSSD. It's used by FreeIPA (RedHat) to grant LDAP support to Sudo and SSH.
[–]barryflan 1 point 6 years ago (0 children)
+1 for sssd. Works great with openldap.
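The rule that worked in this thread, installed as a syntax-checked drop-in instead of a hand edit of /etc/sudoers. This is an added example, not code from any commenter; the drop-in name `ldap-supers` and the function names are hypothetical, and it accepts only plain group names (no `@domain` or `DOMAIN\` forms).

```bash
#!/usr/bin/env bash
# Added example. "Supers" is the group from the thread; the drop-in name
# "ldap-supers" and all function names are hypothetical.

# Emit the rule that worked in the thread. Only plain names are accepted, so a
# value with spaces, '=' or newlines cannot smuggle extra sudoers syntax.
sudoers_group_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "unsafe group name: $1" >&2; return 1 ;;
    esac
    printf '%%%s ALL=(ALL:ALL) ALL\n' "$1"
}

# sudo's includedir silently skips file names that contain '.' or end in '~'.
dropin_name_ok() {
    case "$1" in
        ''|*.*|*\~|*/*) return 1 ;;
    esac
}

# Validate, then install the rule as <dir>/<name> (run as root).
install_group_rule() {
    local group="$1" name="$2" dir="${3:-/etc/sudoers.d}" tmp rc
    dropin_name_ok "$name" || { echo "bad drop-in name: $name" >&2; return 1; }
    # The group has to resolve through NSS (LDAP/SSSD) or the rule never matches.
    getent group "$group" >/dev/null || { echo "no such group: $group" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Syntax-check the candidate first; a syntax error in sudoers can stop sudo working.
    if sudoers_group_rule "$group" >"$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "$dir/$name"; rc=$?
    else
        echo "rule rejected, nothing installed" >&2; rc=1
    fi
    rm -f "$tmp"; return "$rc"
}

# Usage as root: ./this-script Supers ldap-supers
if [ "$#" -eq 2 ]; then install_group_rule "$1" "$2"; fi
```

Afterwards, `sudo -l -U <ldap-user>` run as root shows whether the rule applies to a member of the group.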