Hi,

Except the doc says nss_ldap.conf when its actually ldap.conf...so doc is wrong.

"4. Edit the NSS/LDAP configuration file and add the following sudo-related 
lines to the
/etc/nss_ldap.conf file:"

should read,

"4. Edit the NSS/LDAP configuration file and add the following sudo-related 
lines to the
/etc/ldap.conf file:"

Unless someone can point out how sudo should be done....but it works this way.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Friday, 24 August 2012 11:16 a.m.
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA

Hi,

Just found this doc,

Red Hat Enterprise Linux 5.8
Configuring Identity Management

So Im working through it.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Stephen Ingram [sbing...@gmail.com]
Sent: Friday, 24 August 2012 11:00 a.m.
To: Steven Jones
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA

On Thu, Aug 23, 2012 at 2:26 PM, Steven Jones <steven.jo...@vuw.ac.nz> wrote:
> Some notes on the identity manual which says its for RHEl6,
>
> "13.4.2. Client Configuration for sudo Rules This example specifically
> configures a Red Hat Enterprise Linux 6 client for sudo rules.
>
> 8><----
>
> 2. Enable debug logging for sudo operations in the /etc/ldap.conf file. If
> this file does not exist, it can be created. vim /etc/ldap.conf
> sudoers_debug:
>
> It seems for a RHEL6 client its /etc/sudo-ldap.conf
>
> ditto 4.
>
> Edit the NSS/LDAP configuration file and add the following sudo-related
> lines to the
> /etc/nslcd.conf file:
> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
> bindpw sudo_password
> ssl start_tls
> tls_cacertfile /etc/ipa/ca.crt
> tls_checkpeer yes
> bind_timelimit 5
> timelimit 15
> uri ldap://ipaserver.example.com ldap://backup.example.com:3890
> sudoers_base ou=SUDOers,dc=example,dc=com
>
> It seems for a RHEL6 client its /etc/sudo-ldap.conf
>
> So it that section referring to RHEL5?

Most likely. /etc/sudo-ldap.conf is new with RHEL 6.3. Before that
(6.0-6.2) you had to use /etc/nslcd.conf. RHEL 5 series used a
different configuration altogether. I think that will eventually
change to as this becomes handled directly by sssd. Not a moment too
soon if you ask me. There are so many competing ways to set this up,
each with varying advantages and disadvantages. This is probably why
RH decided to just write sssd from scratch such that they could handle
all of the existing setups as well as new stuff like laptops out of
the office that need cached credentials and such.

Steve



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to