On Fri, 17 Oct 2014, Vaclav Adamec wrote:
is there any valid documentation/setup to get sudo working?
is not usable, modification of another files are needed to get at least
attempts to ldap (for example on CentOS /etc/sudo-ldap.conf). Other
documentation or googled setup seems to sometimes mixture of not very
So far all attempts fails, if you want to see actual setup and state see
public gist -
Any help would be appreciated, also if there is any public
training/certification please get me know (I found only RedHat which is
based on older versions)
FreeIPA 4.0.3 has sudo configuration integrated into ipa-client-install
by default. If you don't want to use that, you can run
Now, I'm confused by your logs. They are a mixture of unrelated things:
- you have nslcd and sssd configured at the same time. Why?
- you don't need to configure /etc/sudo-ldap.conf if you are using
As Dmitri said, configuration described in
and also covered in SSSD manual pages, sssd-sudo(5). In particular, it
says since sssd 1.10.0:
When the SSSD is configured to use IPA as the ID provider, the sudo
provider is automatically enabled. The sudo search base is configured to
use the compat tree (ou=sudoers,$DC).
Prior to that it included detailed configuration how to set up sudo for
SSSD with IPA provider.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project