
I created an LDAP environment and I'm trying to set up a group in the LDAP server that has SU privileges on all other Linux machines that use this LDAP server.

dn: cn=superfriends,ou=group,dc=example,dc=com
objectClass: posixGroup
cn: GNAME
gidNumber: GIDNum

I add this using the ldapadd command. What's the attribute I should add to this? Or is this approach completely wrong? I'm new at this, please help.

Sudh33ra

1 Answer


First off, I'd stop using su to provide root access.

I'd immediately switch to using sudo for a variety of reasons. For one of the best, the root password is not exposed and it is wonderfully configurable to allow users to either run just like the root user or be limited to the subset of commands needed. You can provide access via a group as well.

One thing that was done at a previous company was to recompile the stock sudo so that it had LDAP access capabilities. I believe that this is a compile option. Then instead of having a /etc/sudoers file on each of our systems, we controlled the access globally using an LDAP subtree containing basically the same elements as the sudoers file.

mdpc