On Tue, Jul 10, 2012 at 02:15:41PM -0500, KodaK wrote:
> My sudo-ldap.conf file:
> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=validserver,dc=com
> bindpw validpassword
> ssl start_tls
> tls_cacertfile /etc/ipa/ca.crt
> tls_checkpeer yes
> bind_timelimit 5
> timelimit 15
> uri ldap://validserver ldap://validserver2

This may be unrelated, but keep in mind that these should be FQDNs,
because that's what the directory server SSL certificates have in them,
and a client will check that the name in the certificate the server uses
to identify itself matches the name that the client "thinks" the server
has, which the client derives from the URI values given here.

> sudoers_base ou=SUDOers,dc=unix,dc=magellanhealth,dc=com

Assuming your domain name is "UNIX.MAGELLANHEALTH.COM" and you haven't
changed the configuration for the Schema Compatibility plugin, this
looks correct.  If your domain name is something else, you'll need to
change this setting to "ou=SUDOers,$basedn", where "basedn" is the value
listed in your server's /etc/ipa/default.conf file.



Freeipa-users mailing list

Reply via email to