[Samba] howto install sudo schema

Rowland Penny rowlandpenny at googlemail.com
Wed Aug 13 09:04:18 MDT 2014

On 13/08/14 15:54, shadrock uhuru wrote:
> Hi
>> Use ldbmodify and the full path to the ldif and you do not need the
>> '--option' , you are not modifying the schema.
>>> / and how do i index the 'sudoUser' attribute?
>> /Just what do you mean by 'index' ? do you mean as in allowing access to
>> the sudo rules or how to pull the rules from AD.
>> Rowland
> this page sudoers.ldap.man
> <http://www.sudo.ws/sudo/man/1.8.6/sudoers.ldap.man.html> says
> "Sudoers schema
> In order to use sudo's LDAP support, the sudo schema must be installed
> on your LDAP server. In addition, be sure to index the sudoUser attribute."
> i have indexed attributes before when working with openldap but not sure
> how to do it in samba.
> Shadrock
I use sssd to get the sudo rules from AD and do not index the sudoUser 
attribute, in fact, thinking about it, I don't index anything ;-)

What I had to do was alter the 'nTSecurityDescriptor' attribute on 
'CN=SUDOers', to allow Domain Computers to access the rules


More information about the samba mailing list