On 01.06.23 08:10, Ronald Wimmer via FreeIPA-users wrote:
On 31.05.23 20:18, Alexander Bokovoy wrote:
On Wed, 31 May 2023, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
We managed to integrate AIX IPA clients successfully some time ago.
sudo
was also working fine. A few weeks ago sudo stopped working.
It begs the question: what happened a few weeks ago? Did you upgrade
anything?
My AIX colleagues say no.
What version of IPA server?
What version of slapi-nis package?
Version : 0.60.0
Release : 1.module+el8.7.0+20837+581a7c1e
The /etc/ldap.conf on our AIX clients contains the following line:
sudoers_base cn=users,cn=compat,ou=sudoers,dc=linux,dc=mydomain,dc=at
I believe it should be ou=sudoers,dc=linux,dc=mydomain,dc=at
Why don't I see an ou=sudoers with an LDAP browser? Is there some kind
of magic going on I am not aware of?
If we try to look that up with an LDAP browser we do not even find a OU
named "sudoers". Did the LDAP structure change in the recent past? What
should the sudoers_base line contain?
Changes were made in slapi-nis which provides the compat tree but like I
said, I don't know that cn=users,cn=compat,ou=sudoers would have ever
worked.
Indeed. That DN would have never matched anything.
I agree because that DN simply does not exist in the LDAP tree.
# grep -E 'dn: .*,cn=Schema Compatibility|schema-compat-container'
/etc/dirsrv/slapd-IPA-TEST/dse.ldif
Here is where confusion starts for me. What is that compat stuff? Should
I be able to see that in the LDAP tree with an LDAP browser or is there
a different mechanism in place? (I am only aware that one can import and
export ldif files...)
So... any hints here on how to proceed?
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
