Hello List,

I am attempting to set up various PAM modules to consult our new LDAP services in order to do what it needs to do. I have set up my /etc/pam.d sudo file (for example) this way in the attempt to accomplish this via LDAP:

[root at VIRCENT03:~]#cat /etc/pam.d/sudo
#%PAM-1.0
auth       include      system-auth
auth       required     pam_ldap.so
account    include      system-auth
account    required     pam_ldap.so
password   include      system-auth
password   required     pam_ldap.so
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
session    required     pam_ldap.so

but even though the user is part of the %wheel group under LDAP it is unable to sudo to any other account (including root). If I try to sudo this is what happens:

[bluethundr at VIRCENT03:~]#sudo bash
[sudo] password for bluethundr:
bluethundr is not in the sudoers file.  This incident will be reported.

It would appear that sudo support for LDAP is compiled in:

[root at VIRCENT03:~]#ldd $(which sudo)| grep -i ldap
        libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00552000)

This is how I set up my ldap.conf file:

[root at VIRCENT03:~]#cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

URI ldap://ldap.acadaca.net/
BASE dc=acadaca,dc=net
TLS_CACERTDIR /etc/openldap/cacerts
sudoers_base ou=sudoers,ou=Services,dc=acadaca,dc=net

In my openldap logs on the LDAP server there appears to be no activity when I sudo. However, in the secure logs on the client I do:

Nov  8 16:05:34 VIRCENT03 su: pam_unix(su-l:session): session opened for user root by bluethundr(uid=500)
Nov  8 16:05:37 VIRCENT03 su: pam_unix(su-l:session): session opened for user bluethundr by bluethundr(uid=0)
Nov  8 16:05:44 VIRCENT03 sudo: bluethundr : user NOT in sudoers ; TTY=pts/5 ; PWD=/home/bluethundr ; USER=root ; COMMAND=/bin/bash

I do see other events in secure.log that appear to be PAM successes however. Am I interpreting this correctly that at least part of the system is communicating with PAM on the LDAP server?

thanks

--
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
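The following is an added example, not code from the original post, for readers working through the same kind of setup. It parses the three files that decide whether sudo ever talks to the directory: the /etc/pam.d/sudo stack (PAM syntax, including bracketed controls such as [success=1 default=ignore]), an ldap.conf-style key/value file, and an nsswitch.conf-style file, then reports structural findings. Two points of sudo behaviour it relies on, stated here as facts about sudo rather than anything the post confirms: the "user NOT in sudoers" log line is the result of the sudoers policy lookup, which sudo performs separately from PAM authentication (the password prompt having already been answered), and sudo only consults LDAP sudoRole entries when the sudoers: line in nsswitch.conf lists ldap. The nsswitch contents below are constructed; the PAM and ldap.conf samples are copied from the post. Which ldap.conf path a given sudo build reads (/etc/ldap.conf is the common default) is an assumption this code does not try to resolve; it only parses text handed to it.

```python
"""Added example: parse PAM, ldap.conf and nsswitch.conf text and audit the
sudo-via-LDAP wiring. Nothing here reads the live system; all inputs are
strings passed in by the caller."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class PamRule:
    mgmt: str                   # auth | account | password | session
    control: str                # required | sufficient | include | [success=1 ...] | ...
    module: str                 # e.g. pam_ldap.so or system-auth for an include
    args: Tuple[str, ...] = ()  # module arguments, e.g. ("revoke",)


# Management group (optional leading '-' suppresses missing-module logging),
# then a control that is either one word or a bracketed expression with spaces,
# then the module, then any arguments.
_RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def _strip_comment(raw: str) -> str:
    return raw.split("#", 1)[0].strip()  # '#' starts a comment, so '#%PAM-1.0' drops out


def parse_pam_stack(text: str) -> List[PamRule]:
    rules = []
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        m = _RULE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM rule: {raw!r}")
        mgmt, control, module, rest = m.groups()
        rules.append(PamRule(mgmt, control, module, tuple(rest.split())))
    return rules


def parse_keyvalue_conf(text: str) -> Dict[str, str]:
    """ldap.conf style: 'KEY value' per line, keys case-insensitive, '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def parse_nsswitch(text: str) -> Dict[str, List[str]]:
    """nsswitch.conf style: 'database: source source ...'."""
    db = {}
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line or ":" not in line:
            continue
        name, sources = line.split(":", 1)
        db[name.strip()] = sources.split()
    return db


def audit_sudo_ldap(pam_text: str, ldap_text: str, nsswitch_text: str) -> List[str]:
    findings = []
    rules = parse_pam_stack(pam_text)
    for mgmt in ("auth", "account", "password", "session"):
        seen_include = False
        for r in (x for x in rules if x.mgmt == mgmt):
            if r.control in ("include", "substack"):
                seen_include = True
            elif r.module == "pam_ldap.so" and r.control == "required" and seen_include:
                # 'required' after an include: a pam_ldap failure fails the whole stack
                # for every account the included file did not already accept via 'sufficient'.
                findings.append(f"{mgmt}: pam_ldap.so is 'required' after an include")
    ldap = parse_keyvalue_conf(ldap_text)
    if "sudoers_base" not in ldap:
        findings.append("ldap.conf: no sudoers_base, so sudo has no search base for sudoRole entries")
    ns = parse_nsswitch(nsswitch_text)
    # sudo falls back to file lookups only when nsswitch.conf has no 'sudoers:' line.
    if "ldap" not in ns.get("sudoers", ["files"]):
        findings.append("nsswitch.conf: 'sudoers:' does not list ldap, so only /etc/sudoers is consulted")
    return findings


# Samples: PAM stack and ldap.conf copied from the post; nsswitch contents constructed.
PAM_SUDO = """#%PAM-1.0
auth       include      system-auth
auth       required     pam_ldap.so
account    include      system-auth
account    required     pam_ldap.so
password   include      system-auth
password   required     pam_ldap.so
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
session    required     pam_ldap.so
"""
LDAP_CONF = """#BASE   dc=example, dc=com
URI ldap://ldap.acadaca.net/
BASE dc=acadaca,dc=net
TLS_CACERTDIR /etc/openldap/cacerts
sudoers_base ou=sudoers,ou=Services,dc=acadaca,dc=net
"""
NSSWITCH_NO_SUDOERS = "passwd: files ldap\ngroup:  files ldap\n"   # constructed
NSSWITCH_WITH_LDAP = NSSWITCH_NO_SUDOERS + "sudoers: files ldap\n"  # constructed

if __name__ == "__main__":
    for f in audit_sudo_ldap(PAM_SUDO, LDAP_CONF, NSSWITCH_NO_SUDOERS):
        print("-", f)
```

Run against the post's files and a constructed nsswitch.conf without a sudoers: line, the audit reports the three management groups where pam_ldap.so is stacked required after an include (session has no include, so it is not flagged) plus the missing sudoers source; adding "sudoers: files ldap" removes the last finding.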