On Fri, 17 Oct 2014, Vaclav Adamec wrote:
is there any valid documentation/setup to get sudo working?
is not usable, modification of another files are needed to get at least
attempts to ldap (for example on CentOS /etc/sudo-ldap.conf). Other
documentation or googled setup seems to sometimes mixture of not very
compatible settings.

So far all attempts fails, if you want to see actual setup and state see
public gist -

Any help would be appreciated, also if there is any public
training/certification please get me know (I found only RedHat which is
based on older versions)
FreeIPA 4.0.3 has sudo configuration integrated into ipa-client-install
by default. If you don't want to use that, you can run
ipa-client-install --no-sudo.

Now, I'm confused by your logs. They are a mixture of unrelated things:

- you have nslcd and sssd configured at the same time. Why?
- you don't need to configure /etc/sudo-ldap.conf if you are using

As Dmitri said, configuration described in
and also covered in SSSD manual pages, sssd-sudo(5). In particular, it
says since sssd 1.10.0:
When the SSSD is configured to use IPA as the ID provider, the sudo
provider is automatically enabled. The sudo search base is configured to
use the compat tree (ou=sudoers,$DC).

Prior to that it included detailed configuration how to set up sudo for
SSSD with IPA provider.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to