From: Todd C. Miller
Date: Sat, 5 Jan 2008 21:35:25 +0000 (+0000)
Subject: Make it clear that host and uri can take multiple parameters.
X-Git-Tag: SUDO_1_7_0~251
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=77d841e0e6bfe4ff9f39e8765576c7e22aeb3387;p=sudo

Make it clear that host and uri can take multiple parameters.
URI is now supported for more than just openldap
nsswitch.conf doesn't accept "compat"
---

diff --git a/README.LDAP b/README.LDAP index 39d47f66f..62c973058 100644 --- a/README.LDAP +++ b/README.LDAP @@ -212,15 +212,19 @@ option. Make sure you sudoers_base matches exactly with the location you specified when you imported the sudoers. Below is an example /etc/ldap.conf - # Either specify a URI or host and port. - # If neither is specified sudo will default to localhost port 389. + # Either specify one or more URIs or one or more host:port pairs. + # If neither is specified sudo will default to localhost, port 389. + # #host ldapserver + #host ldapserver1 ldapserver2:390 + # + # Default port if host is specified without one, defaults to 389. #port 389 # - # URI will override host & port settings but only works with LDAP - # SDK's that support ldap_initialize() such as OpenLDAP. + # URI will override the host and port settings. uri ldap://ldapserver #uri ldaps://secureldapserver + #uri ldaps://secureldapserver ldap://ldapserver # # must be set or sudo will ignore LDAP sudoers_base ou=SUDOers,dc=example,dc=com @@ -372,7 +376,6 @@ Starting with version 1.7, sudo consults nsswitch.conf for the search order. The following sources are recognized. files read sudoers from a file (usually /etc/sudoers) ldap read sudoers from LDAP - compat behave as if no nsswitch.conf was present I addition, the entry "[NOTFOUND=return]" will short-circuit the search if the user was not found in the preceding source.
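
Review bot: in the first README.LDAP hunk (@@ -212), the new example `#uri ldaps://secureldapserver ldap://ldapserver` lists a plaintext ldap:// URI after an ldaps:// one, but the comment above it ("URI will override the host and port settings.") does not say in what order multiple URIs are tried or when the next one is used. A reader copying that line cannot tell whether sudoers data may be fetched over an unencrypted connection when the first server is unavailable. Suggest stating the ordering and failover rule in the comment, and either using two ldaps:// URIs in the example or saying that the second entry is unencrypted. The same ordering question applies to `#host ldapserver1 ldapserver2:390`. Minor wording: "Default port if host is specified without one, defaults to 389." says "default" twice; "Port to use if host is specified without one, defaults to 389." reads better.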
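
Review bot: in the second README.LDAP hunk (@@ -372), removing the `compat` entry leaves the list of recognized nsswitch.conf sources silent about it, so a reader whose nsswitch.conf already lists `compat` cannot tell from this text how sudo treats a source it does not recognize. Suggest adding a sentence that says what happens to unrecognized sources (ignored, treated as an error, or some fallback), since that decides which sudoers source is actually consulted. While this paragraph is being touched, the context line beginning "I addition, the entry" should read "In addition".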