On 12/20/2012 04:43 PM, Han Boetes wrote:
Hi,

I discovered that using this recipe makes setting up sudo-ldap very simple.
Even when anonymous binds are disabled.

TLS_CACERT /etc/ipa/ca.crt
TLS_REQCERT demand
SASL_MECH GSSAPI
BASE dc=domain,dc=com
URI ldap://auth-ipa.domain.com
ROOTUSE_SASL on
SUDOERS_BASE ou=SUDOers,dc=domain,dc=com
SUDOERS_DEBUG 2

Of course you can set DEBUG to 0 once everything works.

I'd like to share this since the docs on the freeipa site on how to set up sudo
were quite a bit more complicated.


# Han


Hello Han,

Thanks! I will forward this example to our doc guys to see if we can make the sudo client configuration example easier to follow.

Martin
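
As an added example (not part of the original posts and not FreeIPA or sudo project code), the script below audits a sudo-ldap client configuration such as the recipe quoted above before it is left in place on a host. The function names and the choice of checks are assumptions of this example; the sample input is the recipe from the thread.

```python
# Added example (not from the thread): audit a sudo-ldap client config.
# SAMPLE_RECIPE is the recipe from the post; the checks are this example's own.
SAMPLE_RECIPE = """\
TLS_CACERT /etc/ipa/ca.crt
TLS_REQCERT demand
SASL_MECH GSSAPI
BASE dc=domain,dc=com
URI ldap://auth-ipa.domain.com
ROOTUSE_SASL on
SUDOERS_BASE ou=SUDOers,dc=domain,dc=com
SUDOERS_DEBUG 2
"""

ON = {"on", "true", "yes"}

def parse_conf(text):
    """Return {KEY: value}; keys are upper-cased, '#' comment lines skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return a list of (key, message) findings for a config's text."""
    conf = parse_conf(text)
    findings = []
    reqcert = conf.get("TLS_REQCERT", "").lower()
    if reqcert in {"never", "allow", "try"}:
        findings.append(("TLS_REQCERT", f"'{reqcert}' does not strictly require a valid server certificate"))
    if not any(k in conf for k in ("TLS_CACERT", "TLS_CACERTFILE", "TLS_CACERTDIR")):
        findings.append(("TLS_CACERT", "no CA certificate configured to verify the server"))
    if "SUDOERS_BASE" not in conf:
        findings.append(("SUDOERS_BASE", "missing, so sudo has no container to search for rules"))
    sasl_on = any(conf.get(k, "").lower() in ON for k in ("USE_SASL", "ROOTUSE_SASL"))
    if "SASL_MECH" in conf and not sasl_on:
        findings.append(("SASL_MECH", "set, but neither USE_SASL nor ROOTUSE_SASL is on"))
    if conf.get("SUDOERS_DEBUG", "0") != "0":
        findings.append(("SUDOERS_DEBUG", "still enabled; set to 0 once everything works"))
    return findings

if __name__ == "__main__":
    for key, message in audit(SAMPLE_RECIPE):
        print(f"{key}: {message}")
```

Run against the recipe as posted, the only finding is the debug level, which matches the note in the post about setting it to 0 once everything works.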

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users