On 08/24/2012 09:07 AM, Rob Crittenden wrote:
> Steven Jones wrote:
>> Hi,
>>
>> Except the doc says nss_ldap.conf when it's actually ldap.conf...so
>> doc is wrong.
>>
>> "4. Edit the NSS/LDAP configuration file and add the following
>> sudo-related lines to the
>> /etc/nss_ldap.conf file:"
>>
>> should read,
>>
>> "4. Edit the NSS/LDAP configuration file and add the following
>> sudo-related lines to the
>> /etc/ldap.conf file:"
>>
>> Unless someone can point out how sudo should be done....but it works
>> this way.
>
> It would be very helpful if you could file bugs at
> http://bugzilla.redhat.com on the documentation when you find errors.
> We review them before publishing but we miss things from time to time
> (clearly).
>
> The component to use is doc-Enterprise_Identity_Management_Guide.

Steven,
Did you have a chance to file any BZs based on the discussion in this
thread?
Thank you for your help and contribution!

Dmitri

>
> thanks
>
> rob
>
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: [email protected]
>> [[email protected]] on behalf of Steven Jones
>> [[email protected]]
>> Sent: Friday, 24 August 2012 11:16 a.m.
>> Cc: [email protected]
>> Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
>>
>> Hi,
>>
>> Just found this doc,
>>
>> Red Hat Enterprise Linux 5.8
>> Configuring Identity Management
>>
>> So I'm working through it.
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: Stephen Ingram [[email protected]]
>> Sent: Friday, 24 August 2012 11:00 a.m.
>> To: Steven Jones
>> Cc: [email protected]
>> Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
>>
>> On Thu, Aug 23, 2012 at 2:26 PM, Steven Jones
>> <[email protected]> wrote:
>>> Some notes on the identity manual which says it's for RHEL6,
>>>
>>> "13.4.2. Client Configuration for sudo Rules This example specifically
>>> configures a Red Hat Enterprise Linux 6 client for sudo rules.
>>>
>>> 8><----
>>>
>>> 2. Enable debug logging for sudo operations in the /etc/ldap.conf
>>> file. If
>>> this file does not exist, it can be created. vim /etc/ldap.conf
>>> sudoers_debug:
>>>
>>> It seems for a RHEL6 client it's /etc/sudo-ldap.conf
>>>
>>> ditto 4.
>>>
>>> Edit the NSS/LDAP configuration file and add the following sudo-related
>>> lines to the
>>> /etc/nslcd.conf file:
>>> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
>>> bindpw sudo_password
>>> ssl start_tls
>>> tls_cacertfile /etc/ipa/ca.crt
>>> tls_checkpeer yes
>>> bind_timelimit 5
>>> timelimit 15
>>> uri ldap://ipaserver.example.com ldap://backup.example.com:3890
>>> sudoers_base ou=SUDOers,dc=example,dc=com
>>>
>>> It seems for a RHEL6 client it's /etc/sudo-ldap.conf
>>>
>>> So is that section referring to RHEL5?
>>
>> Most likely. /etc/sudo-ldap.conf is new with RHEL 6.3. Before that
>> (6.0-6.2) you had to use /etc/nslcd.conf. RHEL 5 series used a
>> different configuration altogether. I think that will eventually
>> change too as this becomes handled directly by sssd. Not a moment too
>> soon if you ask me. There are so many competing ways to set this up,
>> each with varying advantages and disadvantages. This is probably why
>> RH decided to just write sssd from scratch such that they could handle
>> all of the existing setups as well as new stuff like laptops out of
>> the office that need cached credentials and such.
>>
>> Steve
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
