dn: cn=lighttpd_ban-ip_show,ou=SUDOers,ou=app,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: lighttpd_ban-ip_show
description: sudo rule to give lighttpd access to ban-ip.sh
sudoUser: lighttpd
sudoRunAsUser: root
sudoOption: !authenticate
sudoHost: ban-ip.example.com
sudoCommand: /var/www/lighttpd/sbin/ban-ip.sh show

The !authenticate option acts the same as NOPASSWD from the sudoers file. Other options:

NOPASSWD:     !authenticate
PASSWD:       authenticate
NOEXEC:       noexec
EXEC:         !noexec
SETENV:       setenv
NOSETENV:     !setenv
LOG_INPUT:    log_input
NOLOG_INPUT:  !log_input
LOG_OUTPUT:   log_output
NOLOG_OUTPUT: !log_output

sudoOption: !requiretty
sudoOption: !root_sudo
sudoOption: !set_logname
sudoOption: syslog=local2
sudoOption: runas_default=adm
sudoOption: ignore_local_sudoers
sudoOption: always_set_home
sudoOption: passprompt=Your password:
sudoOption: mail_no_perms
sudoOption: mail_no_host
sudoOption: mail_no_user
sudoOption: mailto=root at domain.com
sudoOption: env_reset
sudoOption: env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME
LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS
XDG_SESSION_COOKIE"
sudoOption: targetpw