Just tried to make a fresh install, but when I try to manage it with 389
Console (Configuration), I got the following error:
The user
uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does
not have permission to perform this operation.
OS is CentOS 6.4, 389 are the following versions:
389-admin-console-1.1.8-1.el6.noarch
389-adminutil-1.1.15-1.el6.i686
389-ds-base-1.2.11.15-11.el6.i686
389-admin-1.1.29-1.el6.i686
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.10-1.el6.i686
389-admin-console-doc-1.1.8-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-ds-base-libs-1.2.11.15-11.el6.i686
389-ds-1.2.2-1.el6.noarch
389-ds-console-1.2.6-1.el6.noarch
I found this:
http://lists.fedoraproject.org/pipermail/389-users/2011-January/012718.html
But this is an old error. The interesting thing is that the upgrades are
working ok.
Alan
On 23.5.2013 4:15, Dan Lavu wrote:
John,
Thanks for all the info. I'm running a very similar setup but I'm
still using the legacy sudo-ldap.conf for my sudo info, I'll install
sudo-sss and give that a whirl.
Dan
On May 22, 2013, at 8:09 PM, Jonathan Vaughn <jonat...@creatuity.com> wrote:
We're using sssd for Kerberos logins with LDAP user account details,
and it's caching sudo LDAP for us too. I'm not sure off hand if it'll
work with nested groups if you use them - we haven't used nested
groups on any of the groups we've used with sudo (due to other
various programs failing to support either recursing through groups
or using the memberof attribute on the user).
For that example I gave before, the other sudo values are:
sudocommand: ALL
sudohost: ALL
On other sudoroles we have specific commands and hosts too. We're not
using any other sudo attributes on our sudoroles at the moment (we
actually need to update the schema for the version of sudo we're
running, since it expects sudorunasuser and sudorunasgroup rather
than sudorunas, for example).
On Wed, May 22, 2013 at 7:54 PM, Dan Lavu <d...@lavu.net> wrote:
John,
That's the last thing I wanted to hear. What attributes do you
have, sudouser, sudooptions, sudorun? Also are you using sssd or
pam ldap?
Dan
On May 22, 2013, at 7:52 PM, Jonathan Vaughn <jonat...@creatuity.com> wrote:
Works for us fine without any fancy treatment:
sudouser: %Global System Administrators
using sudo 1.8.something on centos.
On Wed, May 22, 2013 at 7:36 PM, Dan Lavu <d...@lavu.net> wrote:
Has anybody successfully created a sudoers group in 389 that
contains a space? Whatever way I try to escape the space in
my sudouser attribute it just doesn't like it. I'm able to
escape the space in /etc/sudoers by using \ .
So..
sudouser: %domain\ admins
sudouser: %domain admins
sudouser: \%domain\ admins
sudouser: "%domain admins"
sudouser: '%domain admins'
have not worked, thanks in advance.
Dan
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users