author | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-03-10 19:19:23 -0700 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2023-03-10 19:19:23 -0700 |
commit | b4940c4dca7c3328817aaef470f05fa6bb367c41 (patch) | |
tree | 818eb8a80e75379333ba80d8a95fb1ec63c91827 | |
parent | 9ecfcec81acce90d3971b0d542133c8e4a360da8 (diff) | |
download | sudo-b4940c4dca7c3328817aaef470f05fa6bb367c41.tar.gz |
Sudo now does its own netgroup lookups if NETGROUP_BASE is set.
Previously, it only performed netgroup queries to determine the
list of netgroups a user was a member of.
-rw-r--r-- | docs/sudoers.ldap.man.in | 14 |
-rw-r--r-- | docs/sudoers.ldap.mdoc.in | 14 |
2 files changed, 22 insertions, 6 deletions
diff --git a/docs/sudoers.ldap.man.in b/docs/sudoers.ldap.man.in index 3b6643363..e8e65f9aa 100644 --- a/docs/sudoers.ldap.man.in +++ b/docs/sudoers.ldap.man.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDOERS.LDAP" "@mansectform@" "January 16, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS.LDAP" "@mansectform@" "March 10, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -802,8 +802,16 @@ Multiple \fBNETGROUP_BASE\fR lines may be specified, in which case they are queried in the order specified. .sp -This option can be used to query a user's netgroups directly via LDAP -which is usually faster than fetching every +When this option is enabled, +\fBsudo\fR +will query the LDAP server directly when matching netgroups present in a +\fIsudoRole\fR +instead of relying on the C library's +\fBinnetgr\fR() +function. +.sp +This option can also be used to query a user's netgroups directly +via LDAP which is usually faster than fetching every \fIsudoRole\fR object containing a \fIsudoUser\fR diff --git a/docs/sudoers.ldap.mdoc.in b/docs/sudoers.ldap.mdoc.in index a0edf3a3a..9a93045e2 100644 --- a/docs/sudoers.ldap.mdoc.in +++ b/docs/sudoers.ldap.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd January 16, 2023 +.Dd March 10, 2023 .Dt SUDOERS.LDAP @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME 
@@ -753,8 +753,16 @@ Multiple .Sy NETGROUP_BASE lines may be specified, in which case they are queried in the order specified. .Pp -This option can be used to query a user's netgroups directly via LDAP -which is usually faster than fetching every +When this option is enabled, +.Nm sudo +will query the LDAP server directly when matching netgroups present in a +.Em sudoRole +instead of relying on the C library's +.Fn innetgr +function. +.Pp +This option can also be used to query a user's netgroups directly +via LDAP which is usually faster than fetching every .Em sudoRole object containing a .Em sudoUser |
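Review bot: the new paragraph in the docs/sudoers.ldap.man.in hunk at -802,8 +802,16 does not say what happens to netgroups that are not stored in LDAP once NETGROUP_BASE is set. innetgr() consults whatever netgroup sources the system is configured to use, so replacing it with a direct LDAP query can change which sudoRole entries match on hosts that also define netgroups elsewhere. Suggest adding a sentence that states whether sudo falls back to innetgr() at all (for example when nothing is found under any NETGROUP_BASE, or when the LDAP query fails), since the answer decides who is granted access.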
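Review bot: "When this option is enabled" in the docs/sudoers.ldap.mdoc.in hunk at -753,8 +753,16 reads as if NETGROUP_BASE were an on/off flag, while the context lines just above describe it as a line that may be specified multiple times and queried in order. "When this option is set", or "If NETGROUP_BASE is set" as the commit message puts it, would be clearer, and the matching sentence in the man.in hunk needs the same wording. As a minor style point, ".Xr innetgr 3" in place of ".Fn innetgr" would tell readers which manual section to look in.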