Sudo under Gentoo uses /etc/ldap.conf.sudo by default. This is unexpected behavior. Brian Vargas in bug 107634 stated: "Actually, the configuration file is intentionally set to ldap.conf.sudo so that the sudoers information can be read-only, in the same way that /etc/sudoers is usually read-only. Simply symlinking and changing the permissions leaves yourself less secure." So, it looks like this was done for a reason. However, it would be nice if this behavior were instead enabled via a USE flag. Perhaps wrap "$(use_with ldap ldap_conf_file /etc/ldap.conf.sudo)" with "if use ldap_conf_file" or similar?

Reproducible: Always
Or rather, simply change that line to: $(use_with alternate_ldap_config ldap_conf_file /etc/ldap.conf.sudo) or similar.
This behaviour is specified in a post_install warning, and leaving a world-readable ldap.conf is an insecure practice because it's just like having a world-readable /etc/sudoers. So I don't think we should allow the option to have an unsafe configuration. CCing taviso for another opinion about this and closing as WONTFIX; we'll reopen if necessary.
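The permission concern discussed above, as an added example that is not part of the bug thread: a small shell check that the sudo LDAP configuration file is kept as tightly as /etc/sudoers (no access for "other", and not a symlink back to the shared ldap.conf). It assumes GNU stat as found on Gentoo; the function name is an assumption.

```shell
# Added example: verify that the sudo LDAP config is not world-accessible,
# mirroring the read-only expectation the thread describes for /etc/sudoers.
# Returns 0 when the file has no "other" permission bits, 1 when it is
# world-accessible, 2 when the file is missing.
check_sudo_ldap_conf() {
    file="${1:-/etc/ldap.conf.sudo}"
    if [ ! -e "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi
    # Octal mode string, e.g. 644 (GNU stat); leading 0 makes it octal in $(( ))
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%U' "$file")
    other=$(( 0$mode & 7 ))
    # A symlink to the general /etc/ldap.conf defeats the separate,
    # restricted file that the ebuild sets up; flag it as a warning.
    if [ -L "$file" ]; then
        echo "warning: $file is a symlink to $(readlink "$file")" >&2
    fi
    if [ "$owner" != "root" ]; then
        echo "warning: $file is owned by $owner, not root" >&2
    fi
    if [ "$other" -ne 0 ]; then
        echo "insecure: $file has mode $mode (world-accessible)" >&2
        return 1
    fi
    echo "ok: $file has mode $mode"
    return 0
}
```

Run it as root after installing sudo with LDAP support, or point it at any copy of the file to audit its mode.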