On 02/25/2012 05:46 PM, JR Aquino wrote: > On Feb 25, 2012, at 1:59 PM, "Marco Pizzoli" > <[email protected]<mailto:[email protected]>> wrote: > > Hi guys, > I had a look at this guide [1] but I'm not understanding the presented > use-case. > > - I see that I have to add in /etc/nsswitch.conf the line "sudoers: files > ldap". > -> I'm telling sudo to check rules via ldap > > > Yes. This doc was written before sssd or sudo had support for one another. > > - I have to add in sssd.conf the directive "ldap_netgroup_search_base = > cn=ng,cn=compat,dc=example,dc=com" > -> I'm telling sssd where to search for netgroups > > > This is my fault, this too was documented prior to the default. This is no > longer necessary. > > - I have to edit the file nslcd.conf and insert all ldap related stuff > necessary to access the ldap server. > > This come my question: why do I have to split my conf between sssd.conf and > nslcd.conf ? > > > Because only the newest sudo version has support and it is not yet available > In rhel... > > > Can't I use directly sssd.conf and use it as sole tool/conf to access the > ldap server? > What am I missing? > > > Again. Docs were written before any form of sssd support for sudo. I will > see if I can locate any formal docs on which versions, and what configs are > necessary. > > > Thanks a lot as usual > Marco >
This is not yet even in Fedora. 1.8 is not released yet, it is in beta. Tight SSSD and SUDO integration is a bleeding edge functionality that is not well documented yet. > [1] > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/example-configuring-sudo.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules > _______________________________________________ > sssd-devel mailing list > [email protected]<mailto:[email protected]> > https://fedorahosted.org/mailman/listinfo/sssd-devel > _______________________________________________ > sssd-devel mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/sssd-devel -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
