inherent order. The sudoOrder attribute is an integer (or floating
point value for LDAP servers that support it) that is used to sort
the matching entries. This allows LDAP-based sudoers entries to
- more closely mimic the behaviour of the sudoers file, where the of
+ more closely mimic the behavior of the sudoers file, where the of
the entries influences the result. If multiple entries match, the
entry with the highest sudoOrder attribute is chosen. This
corresponds to the ``last match'' behavior of the sudoers file. If
user belongs to any of them.
If timed entries are enabled with the S\bSU\bUD\bDO\bOE\bER\bRS\bS_\b_T\bTI\bIM\bME\bED\bD configuration
- directive, the LDAP queries include a subfilter that limits retrieval to
+ directive, the LDAP queries include a sub-filter that limits retrieval to
entries that satisfy the time constraints, if any.
D\bDi\bif\bff\bfe\ber\bre\ben\bnc\bce\bes\bs b\bbe\bet\btw\bwe\bee\ben\bn L\bLD\bDA\bAP\bP a\ban\bnd\bd n\bno\bon\bn-\b-L\bLD\bDA\bAP\bP s\bsu\bud\bdo\boe\ber\brs\bs
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg l\bld\bda\bap\bp.\b.c\bco\bon\bnf\bf
Sudo reads the _\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf file for LDAP-specific configuration.
- Typically, this file is shared amongst different LDAP-aware clients. As
+ Typically, this file is shared between different LDAP-aware clients. As
such, most of the settings are not s\bsu\bud\bdo\bo-specific. Note that s\bsu\bud\bdo\bo parses
_\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf itself and may support options that differ from those
described in the system's ldap.conf(1m) manual.
case but are parsed in a case-independent manner.
U\bUR\bRI\bI _\bl_\bd_\ba_\bp_\b[_\bs_\b]_\b:_\b/_\b/_\b[_\bh_\bo_\bs_\bt_\bn_\ba_\bm_\be_\b[_\b:_\bp_\bo_\br_\bt_\b]_\b] _\b._\b._\b.
- Specifies a whitespace-delimited list of one or more URIs
+ Specifies a white space-delimited list of one or more URIs
describing the LDAP server(s) to connect to. The _\bp_\br_\bo_\bt_\bo_\bc_\bo_\bl may be
either _\bl_\bd_\ba_\bp _\bl_\bd_\ba_\bp_\bs, the latter being for servers that support TLS
(SSL) encryption. If no _\bp_\bo_\br_\bt is specified, the default is port 389
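Review bot: The unchanged context just below the edited line reads "either ldap ldaps, the latter being for servers that support TLS", with no "or" between the two schemes. This sentence tells the administrator which scheme gives an encrypted connection, so it should read unambiguously. Since the patch is already correcting wording in this paragraph, add the missing "or" in the source and regenerate this formatted copy.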
of supporting one or the other.
H\bHO\bOS\bST\bT _\bn_\ba_\bm_\be_\b[_\b:_\bp_\bo_\br_\bt_\b] _\b._\b._\b.
- If no U\bUR\bRI\bI is specified, the H\bHO\bOS\bST\bT parameter specifies a whitespace-
+ If no U\bUR\bRI\bI is specified, the H\bHO\bOS\bST\bT parameter specifies a white space-
delimited list of LDAP servers to connect to. Each host may
include an optional _\bp_\bo_\br_\bt separated by a colon (`:'). The H\bHO\bOS\bST\bT
parameter is deprecated in favor of the U\bUR\bRI\bI specification and is
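Review bot: On the added line, "white space-" hyphenates only "space" to "delimited", and in this formatted output the hyphen falls at the end of the line, so it reads like a word broken across lines. Either keep the closed compound "whitespace-delimited" or rephrase to "a list of LDAP servers separated by white space". Use the same wording for the URI entry so the two descriptions stay parallel.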
sudoers = ldap
- To treat LDAP as authoratative and only use the local sudoers file if the
+ To treat LDAP as authoritative and only use the local sudoers file if the
user is not present in LDAP, use:
sudoers = ldap = auth, files
- Note that in the above example, the auth qualfier only affects user
+ Note that in the above example, the auth qualifier only affects user
lookups; both LDAP and _\bs_\bu_\bd_\bo_\be_\br_\bs will be queried for Defaults entries.
If the _\b/_\be_\bt_\bc_\b/_\bn_\be_\bt_\bs_\bv_\bc_\b._\bc_\bo_\bn_\bf file is not present or there is no sudoers line,
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.6 July 12, 2012 Sudo 1.8.6
+Sudo 1.8.7 February 5, 2013 Sudo 1.8.7
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudoers.ldap.mdoc.in
.\"
-.\" Copyright (c) 2003-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDOERS.LDAP" "8" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual"
+.TH "SUDOERS.LDAP" "8" "February 5, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fRsudoOrder\fR
attribute is an integer (or floating point value for LDAP servers
that support it) that is used to sort the matching entries.
-This allows LDAP-based sudoers entries to more closely mimic the behaviour
+This allows LDAP-based sudoers entries to more closely mimic the behavior
of the sudoers file, where the of the entries influences the result.
If multiple entries match, the entry with the highest
\fRsudoOrder\fR
.PP
If timed entries are enabled with the
\fBSUDOERS_TIMED\fR
-configuration directive, the LDAP queries include a subfilter that
+configuration directive, the LDAP queries include a sub-filter that
limits retrieval to entries that satisfy the time constraints, if any.
.SS "Differences between LDAP and non-LDAP sudoers"
There are some subtle differences in the way sudoers is handled
Sudo reads the
\fI@ldap_conf@\fR
file for LDAP-specific configuration.
-Typically, this file is shared amongst different LDAP-aware clients.
+Typically, this file is shared between different LDAP-aware clients.
As such, most of the settings are not
\fBsudo\fR-specific.
Note that
in a case-independent manner.
.TP 6n
\fBURI\fR \fIldap[s]://[hostname[:port]] ...\fR
-Specifies a whitespace-delimited list of one or more URIs describing
+Specifies a white space-delimited list of one or more URIs describing
the LDAP server(s) to connect to.
The
\fIprotocol\fR
\fBURI\fR
is specified, the
\fBHOST\fR
-parameter specifies a whitespace-delimited list of LDAP servers to connect to.
+parameter specifies a white space-delimited list of LDAP servers to connect to.
Each host may include an optional
\fIport\fR
separated by a colon
.RE
.fi
.PP
-To treat LDAP as authoratative and only use the local sudoers file
+To treat LDAP as authoritative and only use the local sudoers file
if the user is not present in LDAP, use:
.nf
.sp
.PP
Note that in the above example, the
\fRauth\fR
-qualfier only affects user lookups; both LDAP and
+qualifier only affects user lookups; both LDAP and
\fIsudoers\fR
will be queried for
\fRDefaults\fR
.\"
-.\" Copyright (c) 2003-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 12, 2012
+.Dd February 5, 2013
.Dt SUDOERS.LDAP @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Li sudoOrder
attribute is an integer (or floating point value for LDAP servers
that support it) that is used to sort the matching entries.
-This allows LDAP-based sudoers entries to more closely mimic the behaviour
+This allows LDAP-based sudoers entries to more closely mimic the behavior
of the sudoers file, where the of the entries influences the result.
If multiple entries match, the entry with the highest
.Li sudoOrder
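Review bot: The sentence containing the changed line still reads "of the sudoers file, where the of the entries influences the result", with no noun after "where the". The paragraph is about sorting matching entries, so "order" looks like the intended word. The patch already touches this sentence for the spelling of "behavior", so the gap should be fixed in the same change. The same text appears in the formatted and man(7) hunks, and the man(7) file's header says it is generated from sudoers.ldap.mdoc.in, so make the correction here and regenerate the other two.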
.Pp
If timed entries are enabled with the
.Sy SUDOERS_TIMED
-configuration directive, the LDAP queries include a subfilter that
+configuration directive, the LDAP queries include a sub-filter that
limits retrieval to entries that satisfy the time constraints, if any.
.Ss Differences between LDAP and non-LDAP sudoers
There are some subtle differences in the way sudoers is handled
Sudo reads the
.Pa @ldap_conf@
file for LDAP-specific configuration.
-Typically, this file is shared amongst different LDAP-aware clients.
+Typically, this file is shared between different LDAP-aware clients.
As such, most of the settings are not
.Nm sudo Ns No -specific.
Note that
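Review bot: The added line "Typically, this file is shared between different LDAP-aware clients." replaces "amongst" with "between", which is a change of word rather than of spelling. The file is shared by an unspecified number of clients, so "among" keeps the original sense and still drops the British form. If "between" is deliberate, apply it consistently wherever the other manuals describe shared configuration files.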
in a case-independent manner.
.Bl -tag -width 4n
.It Sy URI Ar ldap[s]://[hostname[:port]] ...
-Specifies a whitespace-delimited list of one or more URIs describing
+Specifies a white space-delimited list of one or more URIs describing
the LDAP server(s) to connect to.
The
.Em protocol
.Sy URI
is specified, the
.Sy HOST
-parameter specifies a whitespace-delimited list of LDAP servers to connect to.
+parameter specifies a white space-delimited list of LDAP servers to connect to.
Each host may include an optional
.Em port
separated by a colon
sudoers = ldap
.Ed
.Pp
-To treat LDAP as authoratative and only use the local sudoers file
+To treat LDAP as authoritative and only use the local sudoers file
if the user is not present in LDAP, use:
.Bd -literal -offset 4n
sudoers = ldap = auth, files
.Pp
Note that in the above example, the
.Li auth
-qualfier only affects user lookups; both LDAP and
+qualifier only affects user lookups; both LDAP and
.Em sudoers
will be queried for
.Li Defaults