On Sun, Feb 26, 2012 at 7:32 PM, Dmitri Pal <d...@redhat.com> wrote: > On 02/25/2012 05:46 PM, JR Aquino wrote: > > On Feb 25, 2012, at 1:59 PM, "Marco Pizzoli" <marco.pizz...@gmail.com > <mailto:marco.pizz...@gmail.com>> wrote: > > > > Hi guys, > > I had a look at this guide [1] but I'm not understanding the presented > use-case. > > > > - I see that I have to add in /etc/nsswitch.conf the line "sudoers: > files ldap". > > -> I'm telling sudo to check rules via ldap > > > > > > Yes. This doc was written before sssd or sudo had support for one > another. > > > > - I have to add in sssd.conf the directive "ldap_netgroup_search_base = > cn=ng,cn=compat,dc=example,dc=com" > > -> I'm telling sssd where to search for netgroups > > > > > > This is my fault, this too was documented prior to the default. This is > no longer necessary. > > > > - I have to edit the file nslcd.conf and insert all ldap related stuff > necessary to access the ldap server. > > > > This come my question: why do I have to split my conf between sssd.conf > and nslcd.conf ? > > > > > > Because only the newest sudo version has support and it is not yet > available In rhel... > > > > > > Can't I use directly sssd.conf and use it as sole tool/conf to access > the ldap server? > > What am I missing? > > > > > > Again. Docs were written before any form of sssd support for sudo. I > will see if I can locate any formal docs on which versions, and what > configs are necessary. > > > > > > Thanks a lot as usual > > Marco > > > > This is not yet even in Fedora. 1.8 is not released yet, it is in beta. > Tight SSSD and SUDO integration is a bleeding edge functionality that is > not well documented yet. >
Thanks to both of you for your answer, very appreciated. I'm aware that SSSD and SUDO native integration is not released yet and so, in a RHEL6 doc, I cannot find any info related to that (yet). Simply, I was not sure that I really needed to touch nslcd.conf (even if not actually using nslcd, by following what written in the doc) for having sudo searching via ldap. I read documentation better and now I understand more the logic flow. Sorry for the noise. Thanks again Marco > > > [1] > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/example-configuring-sudo.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules > > _______________________________________________ > > sssd-devel mailing list > > sssd-devel@lists.fedorahosted.org<mailto: > sssd-devel@lists.fedorahosted.org> > > https://fedorahosted.org/mailman/listinfo/sssd-devel > > _______________________________________________ > > sssd-devel mailing list > > sssd-devel@lists.fedorahosted.org > > https://fedorahosted.org/mailman/listinfo/sssd-devel > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IPA project, > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel >
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel