Steven Jones wrote:
Hi,
Except the doc says nss_ldap.conf when it's actually ldap.conf... so doc is wrong.
"4. Edit the NSS/LDAP configuration file and add the following sudo-related
lines to the /etc/nss_ldap.conf file:"
should read,
"4. Edit the NSS/LDAP configuration file and add the following sudo-related
lines to the /etc/ldap.conf file:"
Unless someone can point out how sudo should be done... but it works this way.
It would be very helpful if you could file bugs at
http://bugzilla.redhat.com on the documentation when you find errors. We
review them before publishing but we miss things from time to time
(clearly).
The component to use is doc-Enterprise_Identity_Management_Guide.
thanks
rob
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: [email protected] [[email protected]] on
behalf of Steven Jones [[email protected]]
Sent: Friday, 24 August 2012 11:16 a.m.
Cc: [email protected]
Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
Hi,
Just found this doc,
Red Hat Enterprise Linux 5.8
Configuring Identity Management
So I'm working through it.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Stephen Ingram [[email protected]]
Sent: Friday, 24 August 2012 11:00 a.m.
To: Steven Jones
Cc: [email protected]
Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
On Thu, Aug 23, 2012 at 2:26 PM, Steven Jones <[email protected]> wrote:
Some notes on the identity manual which says it's for RHEL6,
"13.4.2. Client Configuration for sudo Rules This example specifically
configures a Red Hat Enterprise Linux 6 client for sudo rules.
8><----
2. Enable debug logging for sudo operations in the /etc/ldap.conf file. If
this file does not exist, it can be created. vim /etc/ldap.conf
sudoers_debug:
It seems for a RHEL6 client it's /etc/sudo-ldap.conf
ditto 4.
Edit the NSS/LDAP configuration file and add the following sudo-related
lines to the
/etc/nslcd.conf file:
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw sudo_password
ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer yes
bind_timelimit 5
timelimit 15
uri ldap://ipaserver.example.com ldap://backup.example.com:3890
sudoers_base ou=SUDOers,dc=example,dc=com
It seems for a RHEL6 client it's /etc/sudo-ldap.conf
So is that section referring to RHEL5?
Most likely. /etc/sudo-ldap.conf is new with RHEL 6.3. Before that
(6.0-6.2) you had to use /etc/nslcd.conf. RHEL 5 series used a
different configuration altogether. I think that will eventually
change to as this becomes handled directly by sssd. Not a moment too
soon if you ask me. There are so many competing ways to set this up,
each with varying advantages and disadvantages. This is probably why
RH decided to just write sssd from scratch such that they could handle
all of the existing setups as well as new stuff like laptops out of
the office that need cached credentials and such.
Steve
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users