Hi Rob,

This is the way I configured it:

1. Added the details in /etc/ldap.conf:

    binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
    bindpw xxxxxxxxxxxxxxxx
    ssl start_tls
    tls_cacertfile /etc/ipa/ca.crt
    tls_checkpeer yes
    bind_timelimit 5
    timelimit 15
    uri ldap://ipa1.chargepoint.dmz
    sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
    sudoers_debug 1

2. Modified /etc/nsswitch.conf to fetch sudo details from ldap:

    sudoers: files ldap

3. So what I can understand from the above steps is that I am interacting directly with the LDAP (389-ds) server (because I am not using sss; ldap is being used instead).

On Mon, Feb 4, 2013 at 7:50 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Fred van Zwieten wrote:
>>
>> Hi,
>>
>> ipa-client-install should take care of setting up sudo on the client to
>> use IPA, afaik.
>>
>
> Not yet, https://fedorahosted.org/freeipa/ticket/3358
>
>> Essential line in nsswitch.conf:
>> sudoers: files ldap
>>
>> Please read here
>>
>> <https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html-single/Identity_Management_Guide/index.html#sudo>
>
> Note that the configuration file name is wrong for RHEL 6. You need to use
> /etc/sudo-ldap.conf.
>
> rob
>
>>
>> As for the second question. dc=example,dc=com is, well, an example.
>> example.com is used throughout the documentation
>> for documentation purposes where a domain name is needed. Please replace
>> it with your domain, e.g. dc=yourcompanyname,dc=com
>>
>> Kind regards,
>> Fred
>>
>> On Mon, Feb 4, 2013 at 7:29 AM, Rajnesh Kumar Siwal
>> <rajnesh.si...@gmail.com> wrote:
>>
>>     I am planning to use the sudo feature on IPA 2.2. By default the IPA
>>     client that I configured does not seem to fetch the sudo user
>>     details.
>>
>>     It looks like we need to modify nsswitch.conf and ldap.conf to
>>     support it.
>>
>>     Can sssd take care of fetching the sudo user details?
>>
>>     Secondly, I am not able to find the password for
>>     uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com. How do I find it?
>>     Will it be safe to change the password of this sudo user, or may it
>>     impact the IPA Server?
>>
>>     Please suggest.
>>
>>     --
>>     Regards,
>>     Rajnesh Kumar Siwal
>>
>>     _______________________________________________
>>     Freeipa-users mailing list
>>     Freeipa-users@redhat.com
>>     https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>

--
Regards,
Rajnesh Kumar Siwal
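
Added example, not part of the thread or of FreeIPA or sudo: a small Python audit of a sudo LDAP client configuration like the one posted above. It flags a cleartext bindpw in a file readable by non-owners, a simple bind over ldap:// without StartTLS, and disabled peer verification. The function names, finding labels, file modes and the PLACEHOLDER password are assumptions made for illustration.

```python
import stat

def parse_conf(text):
    """Parse whitespace-separated 'keyword value' lines; '#' lines are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        val = parts[1].strip() if len(parts) > 1 else ""
        # Several uri lines may be given; collect them all.
        conf[key] = (conf.get(key, "") + " " + val).strip() if key == "uri" else val
    return conf

def audit(text, mode):
    """Return findings for a sudo LDAP client config with the given file mode."""
    conf = parse_conf(text)
    findings = []
    # bindpw is stored in cleartext, so only the owner should read the file.
    if "bindpw" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw-readable-by-non-owner")
    uris = conf.get("uri", "").split()
    starttls = conf.get("ssl", "").lower() == "start_tls"
    # A simple bind over ldap:// without StartTLS sends bindpw unencrypted.
    if "bindpw" in conf and any(u.startswith("ldap://") for u in uris) and not starttls:
        findings.append("cleartext-bind")
    # With peer checking off, the server certificate is not verified.
    if conf.get("tls_checkpeer", "").lower() in ("no", "off", "false"):
        findings.append("peer-not-verified")
    return findings

# Constructed sample: the settings from the message, with a placeholder password.
AS_POSTED = """\
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=chargepoint,dc=dmz
bindpw PLACEHOLDER
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
uri ldap://ipa1.chargepoint.dmz
sudoers_base ou=SUDOers,dc=chargepoint,dc=dmz
"""
# Constructed weak variant: StartTLS removed and peer checking switched off.
WEAKENED = AS_POSTED.replace("ssl start_tls\n", "").replace("checkpeer yes", "checkpeer no")

if __name__ == "__main__":
    print(audit(AS_POSTED, 0o644))  # assumed world-readable file mode
    print(audit(AS_POSTED, 0o600))
    print(audit(WEAKENED, 0o600))
```

On a real client the mode would come from `os.stat(path).st_mode` for whichever file sudo actually reads (/etc/sudo-ldap.conf on RHEL 6, per Rob's note).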