Rajnesh Kumar Siwal wrote:
Hi Rob,

This is the way I configured it:-
1. Added the details in /etc/ldap.conf :-
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
bindpw xxxxxxxxxxxxxxxx

ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes

bind_timelimit 5
timelimit 15

uri ldap://ipa1.chargepoint.dmz
sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
sudoers_debug 1

2. Modified /etc/nsswitch.conf to fetch sudo details from ldap:-
sudoers:    files ldap

3. So what I can understand from the above steps is that I am
interacting directly with the LDAP (389-ds) Server (because I
am not using sss (instead ldap is being used)).

What distribution and release number is the client?

Can you include what you see when you execute a sudo?

rob



On Mon, Feb 4, 2013 at 7:50 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
Fred van Zwieten wrote:

Hi,

ipa-client-install should take care of setting up sudo on the client to
use IPA, afaik.


Not yet, https://fedorahosted.org/freeipa/ticket/3358

Essential line in nsswitch.conf:
sudoers:    files ldap

Please read here

<https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#sudo>


Note that the configuration file name is wrong for RHEL 6. You need to use
/etc/sudo-ldap.conf.

rob


As for the second question. dc=example,dc=com is, well, an example.
example.com is used throughout the documentation for documentation
purposes where a domain name is needed. Please replace it with your
domain, e.g. dc=yourcompanyname,dc=com

Kind regards,
*Fred*



On Mon, Feb 4, 2013 at 7:29 AM, Rajnesh Kumar Siwal
<rajnesh.si...@gmail.com> wrote:

     I am planning to use the sudo feature on IPA 2.2. By default the IPA
     client that I configured does not seem to fetch the sudo user
     details.

     It looks that we need to modify nsswitch.conf and ldap.conf to
     support it.

     Can sssd take care of fetching the sudo user details ?

     Secondly, I am not able to find the password for
     uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com . How do I find it ?
     Will it be safe to change password of this sudo user or it may impact
     the IPA Server ?

     Please suggest.


     --
     Regards,
     Rajnesh Kumar Siwal

     _______________________________________________
     Freeipa-users mailing list
     Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
     https://www.redhat.com/mailman/listinfo/freeipa-users
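
As an added example (not part of the thread and not FreeIPA or sudo code): a small Python check over the sudo-ldap settings posted above, flagging a bind password sent without TLS, certificate checking switched off, a world-readable file holding bindpw, and sudoers_debug left enabled. The finding names, the placeholder password and the 0644 file mode are assumptions made for illustration.

```python
import stat

TRUE = {"on", "true", "yes"}
FALSE = {"off", "false", "no"}

# Constructed sample: the settings posted in the thread, password replaced by a placeholder.
THREAD_CONF = """\
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
bindpw PLACEHOLDER
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
uri ldap://ipa1.chargepoint.dmz
sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
sudoers_debug 1
"""

def parse_conf(text):
    """Return {keyword: value}; keywords are case-insensitive, '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf, mode):
    """Return finding codes (names are this example's own) for a config and its st_mode."""
    findings = []
    uris = conf.get("uri", "").split()
    ssl = conf.get("ssl", "").lower()
    # Encrypted if StartTLS or SSL is requested, or every URI is ldaps://.
    encrypted = ssl == "start_tls" or ssl in TRUE or (
        bool(uris) and all(u.lower().startswith("ldaps://") for u in uris))
    if "bindpw" in conf and not encrypted:
        findings.append("bindpw-sent-in-clear")
    if encrypted and conf.get("tls_checkpeer", "").lower() in FALSE:
        findings.append("server-cert-check-disabled")
    if "bindpw" in conf and mode & stat.S_IROTH:
        findings.append("bindpw-file-world-readable")
    if conf.get("sudoers_debug", "0") not in ("", "0"):
        findings.append("sudoers-debug-enabled")
    return findings

if __name__ == "__main__":
    # Assumed mode 0644 for illustration; on a real host pass os.stat(path).st_mode.
    for code in audit(parse_conf(THREAD_CONF), 0o644):
        print(code)
```

On a client, feed it the contents and `os.stat(...).st_mode` of whichever file sudo actually reads (/etc/sudo-ldap.conf on RHEL 6, per the reply above).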




