=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/sudoers.ldap.pod,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- src/usr.bin/sudo/Attic/sudoers.ldap.pod 2008/11/14 11:58:08 1.1 +++ src/usr.bin/sudo/Attic/sudoers.ldap.pod 2009/04/11 11:48:06 1.2 @@ -14,7 +14,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -$Sudo: sudoers.ldap.pod,v 1.10 2008/05/10 13:18:47 millert Exp $ +$Sudo: sudoers.ldap.pod,v 1.12 2009/03/10 21:08:18 millert Exp $ =pod =head1 NAME @@ -457,7 +457,7 @@ Unless it is disabled at build time, B consults the Name Service Switch file, F<@nsswitch_conf@>, to specify the I -search order. Sudo looks for a line beginning with C and +search order. Sudo looks for a line beginning with C: and uses this to determine the search order. Note that B does not stop searching after the first match and later matches take precedence over earlier ones. 
@@ -487,6 +487,36 @@ Note that F<@nsswitch_conf@> is supported even when the underlying operating system does not use an nsswitch.conf file. +=head2 Configuring netsvc.conf + +On AIX systems, the F<@netsvc_conf@> file is consulted instead of +F<@nsswitch_conf@>. B simply treats I as a +variant of I; information in the previous section +unrelated to the file format itself still applies. + +To consult LDAP first followed by the local sudoers file (if it +exists), use: + + sudoers = ldap, files + +The local I file can be ignored completely by using: + + sudoers = ldap + +To treat LDAP as authoratative and only use the local sudoers file +if the user is not present in LDAP, use: + + sudoers = ldap = auth, files + +Note that in the above example, the C qualfier only affects +user lookups; both LDAP and I will be queried for C +entries. + +If the F<@netsvc_conf@> file is not present or there is no +sudoers line, the following default is assumed: + + sudoers = files + =head1 FILES =over 24 @@ -499,6 +529,10 @@ determines sudoers source order +=item F<@netsvc_conf@> + +determines sudoers source order on AIX + =back =head1 EXAMPLES @@ -657,11 +691,6 @@ MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) ) - -=for comment - -Add nsswitch.conf example? -Add more exhaustive sudoers ldif example? =head1 SEE ALSO
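Review bot: In the new "Configuring netsvc.conf" section (hunk @@ -487,6 +487,36 @@) two added lines carry spelling errors: "authoratative" should be "authoritative" and "qualfier" should be "qualifier". The section also does not say what happens with "sudoers = ldap = auth, files" when the LDAP server cannot be contacted. Because that line decides whether the local sudoers file is consulted for a user at all, a sentence stating the behaviour in that case would let administrators judge the fallback and lockout consequences before deploying it.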
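Review bot: The final hunk (@@ -657,11 +691,6 @@) deletes the whole "=for comment" block, including "Add more exhaustive sudoers ldif example?", but nothing in this diff adds an ldif example; only source-order configuration is documented. If the ldif example is still outstanding, keep that one TODO line and drop only the nsswitch.conf question.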