And indeed the compat tree was disabled.
Guess I forgot to reenable it after copying the db to a testing
Thanks guys, sudo is working fine now.
On Tue, 2016-08-23 at 10:13 -0400, Rob Crittenden wrote:
> Pavel Březina wrote:
> > On 08/23/2016 01:55 PM, Tony Brian Albers wrote:
> >> Here you are:
> >> [root ~]# ldapsearch -Y GSSAPI -b $dc
> >> '(ou=*)' -s onelevel
> >> # profile, $domain
> >> dn: ou=profile,$dc
> >> objectClass: top
> >> objectClass: organizationalUnit
> >> ou: profiles
> >> ou: profile
> >> # search result
> >> search: 4
> >> result: 0 Success
> >> # numResponses: 2
> >> # numEntries: 1
> > Sudo rules are not downloaded by SSSD because ou=sudoers is missing on
> > the IPA server, or it may have incorrect ACL. Does someone from IPA team
> > know why?
> Perhaps the compat tree is disabled:
> $ ipa-compat-manage status
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 8946 2316
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project