Macklin, Jason wrote:
Yes, resolution works correctly at both the host and the freeIPA server.


I am still quite new to LDAP so I'm not sure exactly what I should be looking 
for when running ldapsearch.

The attempts that I have made have been less then fruitful though... examples 

/usr/bin/ldapsearch -I -H ldap:// 
"ou=SUDOers,dc=dbr,dc=roche,dc=com"SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:

This sort of return occurs for either working or non-working users both!

As I am new to ldap... is there a specific ldapsearch command/option I should 
be using?

You want to be authenticated to search the sudo data, so do something like:

 $ kinit admin (or some user)
 $ ldapsearch -Y GSSAPI ...


Freeipa-users mailing list

Reply via email to