[GH-ISSUE #702] [Feature Request] sudoers support #252

New issue

Closed

opened 2026-02-27 08:16:09 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 08:16:09 +03:00

Owner

Originally created by @SingingFrog7 on GitHub (Oct 8, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/702

Hey guys,

Is there any plan to support sudoers in the future?

I'd be migrating from my current LDAP server if it was supported as I use it to give sudo access to users on all my vms and containers

Thanks

Originally created by @SingingFrog7 on GitHub (Oct 8, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/702 Hey guys, Is there any plan to support sudoers in the future? I'd be migrating from my current LDAP server if it was supported as I use it to give sudo access to users on all my vms and containers Thanks

kerem closed this issue

2026-02-27 08:16:09 +03:00

kerem commented

2026-02-27 08:16:10 +03:00

Author

Owner

@nitnelave commented on GitHub (Oct 8, 2023):

Hi! I had a look at the sudoers LDAP configuration, and it seems that it won't be compatible with LLDAP's simple structure of just groups and users.

However, once #67 is implemented, we'll have support for PAM authentication so you can assign Unix groups with LDAP. If you configure your sudoers the old fashioned way (with visudo) based on groups, you can then assign permissions to people by adding them to LLDAP's groups.

@nitnelave commented on GitHub (Oct 8, 2023): Hi! I had a look at the sudoers LDAP configuration, and it seems that it won't be compatible with LLDAP's simple structure of just groups and users. However, once #67 is implemented, we'll have support for PAM authentication so you can assign Unix groups with LDAP. If you configure your sudoers the old fashioned way (with visudo) based on groups, you can then assign permissions to people by adding them to LLDAP's groups.

kerem commented

2026-02-27 08:16:10 +03:00

Author

Owner

@SingingFrog7 commented on GitHub (Oct 13, 2023):

Hello,
Sorry for my late reply and thanks for looking at it. It definitively could work for me, in fact I tried to switch from OpenLDAP to different other LDAP servers and I always came back to OpenLDAP because I use the sudoers (which I could change to having a sudoer group but I would have to add that group to all machines, which is doable) and I also use Samba, which I know is another complicated beast

I'll keep an eye on #67 and test it in my environment once it's implemented

Thanks for your time!

@SingingFrog7 commented on GitHub (Oct 13, 2023): Hello, Sorry for my late reply and thanks for looking at it. It definitively could work for me, in fact I tried to switch from OpenLDAP to different other LDAP servers and I always came back to OpenLDAP because I use the sudoers (which I could change to having a sudoer group but I would have to add that group to all machines, which is doable) and I also use Samba, which I know is another complicated beast I'll keep an eye on #67 and test it in my environment once it's implemented Thanks for your time!