[Freeipa-users] Re: FreeIPA and AIX - sudoers_base

Wed, 31 May 2023 23:10:46 -0700 

On 31.05.23 20:18, Alexander Bokovoy wrote:

On Wed, 31 May 2023, Rob Crittenden via FreeIPA-users wrote:

Ronald Wimmer via FreeIPA-users wrote:

We managed to integrate AIX IPA clients successfully some time ago. sudo
was also working fine. A few weeks ago sudo stopped working.


It begs the question: what happened a few weeks ago? Did you upgrade
anything?


My AIX colleagues say no.



What version of IPA server?


What version of slapi-nis package?


Version      : 0.60.0
Release      : 1.module+el8.7.0+20837+581a7c1e


The /etc/ldap.conf on our AIX clients contains the following line:
sudoers_base cn=users,cn=compat,ou=sudoers,dc=linux,dc=mydomain,dc=at


I believe it should be ou=sudoers,dc=linux,dc=mydomain,dc=at



Why don't I see an ou=sudoers with an LDAP browser? Is there some kind 
of magic going on I am not aware of?





If we try to look that up with an LDAP browser we do not even find a OU
named "sudoers". Did the LDAP structure change in the recent past? What
should the sudoers_base line contain?


Changes were made in slapi-nis which provides the compat tree but like I
said, I don't know that cn=users,cn=compat,ou=sudoers would have ever
worked.


Indeed. That DN would have never matched anything.


I agree because that DN simply does not exist in the LDAP tree.




# grep -E 'dn: .*,cn=Schema Compatibility|schema-compat-container' 
/etc/dirsrv/slapd-IPA-TEST/dse.ldif



Here is where confusion starts for me. What is that compat stuff? Should 
I be able to see that in the LDAP tree with an LDAP browser or is there 
a different mechanism in place? (I am only aware that one can import and 
export ldif files...)


Cheers,
Ronald
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue






















					Reply via email to