[root@389-ds /tmp]# file /etc/dirsrv/slapd-eval-389-1/schema/60sudo.ldif
/etc/dirsrv/slapd-eval-389-1/schema/60sudo.ldif: ASCII text

[root@389-ds tmp]# export SUDOERS_BASE=ou=SUDOers,dc=comp,dc=com

[root@389-ds tmp]# echo $SUDOERS_BASE
ou=SUDOers,dc=oracle,dc=com

[root@389-ds tmp]# env | grep SUDO
SUDOERS_BASE=ou=SUDOers,dc=comp,dc=com

# rpm -ql sudo | grep ldif
/usr/share/doc/sudo-1.8.6p3/sudoers2ldif

[root@389-ds tmp]#  perl /usr/share/doc/sudo-1.8.6p7/sudoers2ldif /tmp/sudoers.template | tee sudoers-389.ldif 
dn: cn=defaults,ou=SUDOers,dc=comp,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOrder: 1

dn: cn=root,ou=SUDOers,dc=comp,dc=com
objectClass: top
objectClass: sudoRole
cn: root
sudoUser: root
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOrder: 2

dn: cn=SYSADMINS,ou=SUDOers,dc=comp,dc=com
objectClass: top
objectClass: sudoRole
cn: SYSADMINS
sudoUser: zare
sudoUser: milan
sudoUser: alisa
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
sudoOrder: 3

---- shortened ----

dn: cn=SOME_RESTRICTED_HOSTS,ou=SUDOers,dc=comp,dc=com
objectClass: top
objectClass: sudoRole
cn: SOME_RESTRICTED_HOSTS
sudoUser: todorka
sudoUser: ugljesa
sudoHost: kaca-host
sudoHost: kruna-host
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOrder: 12

[root@389-ds tmp]#  ldapadd  -x  -W -D "cn=Directory Manager" -f sudoers-389.ldif 

Enter LDAP Password:
adding new entry "cn=defaults,ou=SUDOers,dc=comp,dc=com"
adding new entry "cn=root,ou=SUDOers,dc=comp,dc=com"
adding new entry "cn=SYSADMINS,ou=SUDOers,dc=comp,dc=com"
adding new entry "cn=SOME_RESTRICTED_HOSTS,ou=SUDOers,dc=comp,dc=com"
--shortened--
adding new entry "cn=OTHER_ADMINS,ou=SUDOers,dc=comp,dc=com"

dn: cn=SOME_RESTRICTED_HOSTS,ou=SUDOers,dc=comp,dc=com
changetype: modify
delete: sudoUser
sudoUser: milan
sudoUser: alisa

#  ldapmodify -x  -W -D "cn=Directory Manager" -v -f /tmp/someedit.ldif 
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
delete sudoUser:
        todorka
        ugljesa
modifying entry "cn=BUILD_ADMINS_RESTRICTED_HOSTS,ou=SUDOers,dc=oracle,dc=com"
modify complete

sudoers: ldap

uri ldap://389-ds.comp.com
sudoers_base ou=SUDOers,dc=comp,dc=com
bind_timelimit 30
timelimit 60
sudoers_debug 1

[root@ldapclient etc]# grep zare /etc/passwd
[root@ldapclient etc]#  getent passwd | grep zare
zare:*:2222:2222:Zare.D:/home/zare:/bin/bash

# grep zare /etc/sudoers

May 27 18:55:23 ldapclient sshd[2443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.x.x.x  user=zare
May 27 18:55:25 ldapclient sshd[2443]: Accepted password for zare from 10.x.x.x port 64316 ssh2
May 27 18:55:25 ldapclient sshd[2443]: pam_unix(sshd:session): session opened for user zare by (uid=0)
May 27 18:55:31 ldapclient sudo:   zare : TTY=pts/1 ; PWD=/home/zare ; USER=root ; COMMAND=/bin/su -
May 27 18:55:31 ldapclient su: pam_unix(su-l:session): session opened for user root by zare(uid=0)