Add -b option to specify the base dn.

doc/cvtsudoers.cat

@@ -4,7 +4,7 @@ NNAAMMEE
      ccvvttssuuddooeerrss - convert between sudoers file formats
 
 SSYYNNOOPPSSIISS
-     ccvvttssuuddooeerrss [--hhVV] [--ff _f_o_r_m_a_t] [--oo _o_u_t_p_u_t___f_i_l_e] [_s_u_d_o_e_r_s___f_i_l_e]
+     ccvvttssuuddooeerrss [--hhVV] [--bb _d_n] [--ff _f_o_r_m_a_t] [--oo _o_u_t_p_u_t___f_i_l_e] [_s_u_d_o_e_r_s___f_i_l_e]
 
 DDEESSCCRRIIPPTTIIOONN
      ccvvttssuuddooeerrss can be used to convert a policy file in _s_u_d_o_e_r_s format to
@@ -17,7 +17,15 @@ DDEESSCCRRIIPPTTIIOONN
 
      The options are as follows:
 
-     --ff, ----ffoorrmmaatt
+     --bb _d_n, ----bbaassee=_d_n
+                 The base DN (distinguished name) that will be used when
+                 performing LDAP queries.  Typically this is of the form
+                 ou=SUDOers,dc=example,dc=com for the domain example.com.  If
+                 this option is not specified, the value of the SUDOERS_BASE
+                 environment variable will be used instead.  Only necessary
+                 when converting to LDIF format.
+
+     --ff _o_u_t_p_u_t___f_o_r_m_a_t, ----ffoorrmmaatt=_o_u_t_p_u_t___f_o_r_m_a_t
                  Specify the output format.  The following formats are
                  supported:
 

doc/cvtsudoers.man.in

@@ -26,6 +26,7 @@
 .HP 11n
 \fBcvtsudoers\fR
 [\fB\-hV\fR]
+[\fB\-b\fR\ \fIdn\fR]
 [\fB\-f\fR\ \fIformat\fR]
 [\fB\-o\fR\ \fIoutput_file\fR]
 [\fIsudoers_file\fR]
@@ -48,7 +49,19 @@ By default, the result is written to the standard output.
 .PP
 The options are as follows:
 .TP 12n
-\fB\-f\fR, \fB\--format\fR
+\fB\-b\fR \fIdn\fR, \fB\--base\fR=\fIdn\fR
+The base DN (distinguished name) that will be used when performing
+LDAP queries.
+Typically this is of the form
+\fRou=SUDOers,dc=example,dc=com\fR
+for the domain
+\fRexample.com\fR.
+If this option is not specified, the value of the
+\fRSUDOERS_BASE\fR
+environment variable will be used instead.
+Only necessary when converting to LDIF format.
+.TP 12n
+\fB\-f\fR \fIoutput_format\fR, \fB\--format\fR=\fIoutput_format\fR
 Specify the output format.
 The following formats are supported:
 .PP

doc/cvtsudoers.mdoc.in

@@ -23,6 +23,7 @@
 .Sh SYNOPSIS
 .Nm cvtsudoers
 .Op Fl hV
+.Op Fl b Ar dn
 .Op Fl f Ar format
 .Op Fl o Ar output_file
 .Op Ar sudoers_file
@@ -45,7 +46,18 @@ By default, the result is written to the standard output.
 .Pp
 The options are as follows:
 .Bl -tag -width Fl
-.It Fl f , -format
+.It Fl b Ar dn , Fl -base Ns = Ns Ar dn
+The base DN (distinguished name) that will be used when performing
+LDAP queries.
+Typically this is of the form
+.Li ou=SUDOers,dc=example,dc=com
+for the domain
+.Li example.com .
+If this option is not specified, the value of the
+.Ev SUDOERS_BASE
+environment variable will be used instead.
+Only necessary when converting to LDIF format.
+.It Fl f Ar output_format , Fl -format Ns = Ns Ar output_format
 Specify the output format.
 The following formats are supported:
 .Bl -tag -width 8n
@@ -73,7 +85,7 @@ Command, host, runas and user aliases are not supported by the
 sudoers LDAP schema so they are expanded during the conversion.
 .El
 .El
-.It Fl h , -help
+.It Fl h , Fl -help
 Display a short help message to the standard output and exit.
 .It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file
 Write the converted output to

plugins/sudoers/cvtsudoers.c

@@ -57,8 +57,9 @@ extern void get_hostname(void);
  */
 struct sudo_user sudo_user;
 struct passwd *list_pw;
-static const char short_opts[] =  "f:ho:V";
+static const char short_opts[] =  "b:f:ho:V";
 static struct option long_opts[] = {
+    { "base",		required_argument,	NULL,	'b' },
     { "format",		required_argument,	NULL,	'f' },
     { "help",		no_argument,		NULL,	'h' },
 #ifdef notyet
@@ -86,6 +87,7 @@ main(int argc, char *argv[])
     enum output_formats output_format = output_ldif;
     const char *input_file = "-";
     const char *output_file = "-";
+    const char *sudoers_base = NULL;
     debug_decl(main, SUDOERS_DEBUG_MAIN)
 
 #if defined(SUDO_DEVEL) && defined(__OpenBSD__)
@@ -120,6 +122,9 @@ main(int argc, char *argv[])
      */
     while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
 	switch (ch) {
+	case 'b':
+	    sudoers_base = optarg;
+	    break;
 	case 'f':
 	    if (strcasecmp(optarg, "json") == 0) {
 		output_format = output_json;
@@ -211,7 +216,7 @@ main(int argc, char *argv[])
 	exitcode = !convert_sudoers_json(output_file);
 	break;
     case output_ldif:
-	exitcode = !convert_sudoers_ldif(output_file, NULL);
+	exitcode = !convert_sudoers_ldif(output_file, sudoers_base);
 	break;
     default:
 	sudo_fatalx("error: unhandled output format %d", output_format);
@@ -232,7 +237,7 @@ static void
 usage(int fatal)
 {
     (void) fprintf(fatal ? stderr : stdout,
-	"usage: %s [-hV] [-f format] [-o output_file] [sudoers_file]\n",
+	"usage: %s [-hV] [-b dn] [-f format] [-o output_file] [sudoers_file]\n",
 	    getprogname());
     if (fatal)
 	exit(1);
@@ -244,6 +249,7 @@ help(void)
     (void) printf(_("%s - convert between sudoers file formats\n\n"), getprogname());
     usage(0);
     (void) puts(_("\nOptions:\n"
+	"  -b, --base=dn            the base DN for sudo LDAP queries\n"
 	"  -f, --format=JSON|LDIF   specify output format (JSON or LDIF)\n"
 	"  -h, --help               display help message and exit\n"
 	"  -o, --output=output_file write converted sudoers to output_file\n"

plugins/sudoers/cvtsudoers_ldif.c

@@ -401,7 +401,7 @@ convert_sudoers_ldif(const char *output_file, const char *base)
     if (base == NULL) {
 	base = getenv("SUDOERS_BASE");
 	if (base == NULL)
-	    sudo_fatalx(U_("The SUDOERS_BASE environment variable is not set"));
+	    sudo_fatalx(U_("the SUDOERS_BASE environment variable is not set and the -b option was not specified."));
     }
 
     if (strcmp(output_file, "-") != 0) {