Re: [Freeipa-users] sudo / sssd integration problems

2013-03-22 Thread Brian Cook
No problem, thanks for trying! I just figured it out. yum -y install libsss_sudo fixed it. Should this package be a dependency that gets pulled in when IPA client is installed? Shall I file a bug? Thanks, Brian --- Brian Cook Solutions Architect, Red Hat, Inc. 407-212-7079 On Mar 21,

Re: [Freeipa-users] sudo / sssd integration problems

2013-03-22 Thread Martin Kosek
We already have a bug filed: https://bugzilla.redhat.com/show_bug.cgi?id=924395 This should be fixed along with the ticket adding sudo configuration support to ipa-client-install: https://fedorahosted.org/freeipa/ticket/3358 Martin On 03/22/2013 07:13 AM, Brian Cook wrote: no problem, thanks for

Re: [Freeipa-users] EXTERNAL: Re: Winsync Issues

2013-03-22 Thread Joseph, Matthew (EXP)
Hey Rich, I found out the issue. Thank you for pointing me in the right direction. The user I am using for Password Sync has a login name of idmpasssync but the display name was IDM Password Sync. I changed the display name to idmpasssync and I was able to do the ldapsearch. I just ran the

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Dmitri Pal
On 03/21/2013 09:04 AM, Jan-Frode Myklebust wrote: Serverfault has a hack for supporting nested groups on RHEL5/apache-2.2 involving an LDAP filter using LDAP_MATCHING_RULE_IN_CHAIN on Active Directory, ref: http://serverfault.com/a/424706 Does anybody know if a similar filter can be

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Stephen Gallagher
On 03/21/2013 09:04 AM, Jan-Frode Myklebust wrote: Serverfault has a hack for supporting nested groups on RHEL5/apache-2.2 involving an LDAP filter using LDAP_MATCHING_RULE_IN_CHAIN on Active Directory, ref: http://serverfault.com/a/424706

Re: [Freeipa-users] libsssd_sudo as dependency to ipa-client

2013-03-22 Thread Jakub Hrozek
On Thu, Mar 21, 2013 at 06:58:00PM +0100, Jakub Hrozek wrote: On Thu, Mar 21, 2013 at 11:39:27PM +0600, Arthur Fayzullin wrote: HI! I have configured sssd_sudo integration on EL6.4 and it works nice! But then I've checked this: [afaizullin@domen00 ~]$ sudo package-cleanup --leaves

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Jan-Frode Myklebust
This works: Require ldap-attribute memberof=cn=cactiaccess,cn=groups,cn=accounts,dc=example,dc=net but only if I also provide a username/password for apache to bind as. Doesn't work with unauthenticated binds. -jf

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Dmitri Pal
On 03/22/2013 09:12 AM, Jan-Frode Myklebust wrote: This works: Require ldap-attribute memberof=cn=cactiaccess,cn=groups,cn=accounts,dc=example,dc=net but only if I also provide a username/password for apache to bind as. Doesn't work with unauthenticated binds. -jf Because

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Jan-Frode Myklebust
On Fri, Mar 22, 2013 at 09:59:14AM -0400, Dmitri Pal wrote: Because anonymous binds are rightly turned off by default, They are? I don't think I've ever explicitly turned on anonymous binds, and my directories are open to anonymous searches. The confusing thing is that not all attributes are

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Dmitri Pal
On 03/22/2013 10:20 AM, Jan-Frode Myklebust wrote: On Fri, Mar 22, 2013 at 09:59:14AM -0400, Dmitri Pal wrote: Because anonymous binds are rightly turned off by default, They are? I don't think I've ever explicitly turned on anonymous binds, and my directories are open to anonymous searches.

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Rob Crittenden
Dmitri Pal wrote: On 03/22/2013 10:20 AM, Jan-Frode Myklebust wrote: On Fri, Mar 22, 2013 at 09:59:14AM -0400, Dmitri Pal wrote: Because anonymous binds are rightly turned off by default, They are? I don't think I've ever explicitly turned on anonymous binds, and my directories are open to

Re: [Freeipa-users] Slow ipa performance -- why so many ldap lookups ?

2013-03-22 Thread Jakub Hrozek
On Thu, Mar 21, 2013 at 09:57:50PM +0100, Jan-Frode Myklebust wrote: On Thu, Mar 21, 2013 at 03:29:38PM +0100, Jakub Hrozek wrote: I see several failures related to the SELinux processing: --- (Thu Mar 21 08:23:57 2013) [sssd[be[example.net]]] [ipa_selinux_get_maps_done]

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Dmitri Pal
On 03/22/2013 11:01 AM, Rob Crittenden wrote: Dmitri Pal wrote: On 03/22/2013 10:20 AM, Jan-Frode Myklebust wrote: On Fri, Mar 22, 2013 at 09:59:14AM -0400, Dmitri Pal wrote: Because anonymous binds are rightly turned off by default, They are? I don't think I've ever explicitly turned on

Re: [Freeipa-users] Slow ipa performance -- why so many ldap lookups ?

2013-03-22 Thread Jan-Frode Myklebust
On Fri, Mar 22, 2013 at 04:19:39PM +0100, Jakub Hrozek wrote: Then maybe SSSD is tripping over the absence of the SELinux map order. At least that's the way I read the SSSD code, it relies on the presence of the ipaSELinuxUserMapOrder attribute. What does: $ ipa config-show --all --raw |

Re: [Freeipa-users] ldap-filter, LDAP_MATCHING_RULE_IN_CHAIN, apache 2.2

2013-03-22 Thread Simo Sorce
On Fri, 2013-03-22 at 15:20 +0100, Jan-Frode Myklebust wrote: On Fri, Mar 22, 2013 at 09:59:14AM -0400, Dmitri Pal wrote: Because anonymous binds are rightly turned off by default, They are? I don't think I've ever explicitly turned on anonymous binds, and my directories are open to