<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Trebuchet MS";
panose-1:2 11 6 3 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Pré-formatação HTML Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Texto de balão Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.Pr-formataoHTMLChar
{mso-style-name:"Pré-formatação HTML Char";
mso-style-priority:99;
mso-style-link:"Pré-formatação HTML";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.TextodebaloChar
{mso-style-name:"Texto de balão Char";
mso-style-priority:99;
mso-style-link:"Texto de balão";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.EstiloDeEmail22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EstiloDeEmail23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EstiloDeEmail24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EstiloDeEmail25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1168709267;
mso-list-type:hybrid;
mso-list-template-ids:2031918816 68550657 68550659 68550661 68550657 68550659 68550661 68550657 68550659 68550661;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:"&\#61623";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:"&\#61607";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:"&\#61623";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:"&\#61607";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:"&\#61623";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:"&\#61607";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="PT-BR" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hello Dmitri.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I finally managed to write the wiki article on configuring sudo on AIX!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Here is the URL: <a href="http://www.freeipa.org/page/SUDO_Integration_for_AIX">
http://www.freeipa.org/page/SUDO_Integration_for_AIX</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I also added a reference to it on the
<a href="http://www.freeipa.org/page/HowTos#General">http://www.freeipa.org/page/HowTos#General</a> page as well as a topic on the
<a href="http://www.freeipa.org/page/ConfiguringUnixClients">http://www.freeipa.org/page/ConfiguringUnixClients</a> page pointing to the article.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I hope its format is up to code with FreeIPA’s formatting standards and that the language used is clear.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Atenciosamente/Best Regards</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:PT-BR"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";mso-fareast-language:PT-BR"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz Fernando Vianna da Silva<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I - Operação Cielo<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55 (11) 3626-7126
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T I V I T<br>
</span></b><b><span style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av. Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São Paulo - SP - CEP 05804-900<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="http://www.tivit.com.br/" title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span style="color:gray">www.tivit.com.br</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você a tenha
recebido por engano, queira, por favor, retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A TIVIT não se responsabilizará pelo conteúdo ou
pela veracidade desta informação.</span><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:PT-BR"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">De:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">
Luiz Fernando Vianna da Silva <br>
<b>Enviada em:</b> quinta-feira, 2 de abril de 2015 14:41<br>
<b>Para:</b> 'dpal@redhat.com'; freeipa-users@redhat.com<br>
<b>Assunto:</b> RES: [Freeipa-users] RES: FreeIPA integration with AIX and sudo<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Hi Dmitri.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Working on it right now. :)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Atenciosamente/Best Regards</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:PT-BR"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><span style="font-size:10.0pt;font-family:"Trebuchet MS","sans-serif";mso-fareast-language:PT-BR"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz Fernando Vianna da Silva<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I - Operação Cielo<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55 (11) 3626-7126
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T I V I T<br>
</span></b><b><span style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av. Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São Paulo - SP - CEP 05804-900<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="http://www.tivit.com.br/" title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span style="color:gray">www.tivit.com.br</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você a tenha
recebido por engano, queira, por favor, retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A TIVIT não se responsabilizará pelo conteúdo ou
pela veracidade desta informação.</span><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:PT-BR"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">De:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">
<a href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a> [<a href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>]
<b>Em nome de </b>Dmitri Pal<br>
<b>Enviada em:</b> quinta-feira, 2 de abril de 2015 10:23<br>
<b>Para:</b> <a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Assunto:</b> Re: [Freeipa-users] RES: FreeIPA integration with AIX and sudo<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 04/01/2015 01:58 PM, Luiz Fernando Vianna da Silva wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Hi Yves.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">First a little background information regarding sudo on AIX: Most sudo packages compiled for AIX are _<i>NOT</i>_ compiled with LDAP support.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Although sudo’s documentation states that sudo supports different LDAP implementations, other than OpenLDAP, I suppose it doesn’t work well with AIX’s LDAP fileset.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">That’s my guess why most sudo packages for AIX aren’t compiled with LDAP support. [BTW, you can check this by running, as root, sudo -V</span><span lang="EN-US">
</span><span lang="EN-US" style="color:#1F497D">| grep -i ldap].</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">The good news is that Michel Perzl, has successfully compiled a sudo package with LDAP support, although its compiled against OpenLDAP and not AIX’s LDAP fileset.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">So, here is how I did it:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">(1) Go to <a href="http://www.perzl.org/aix/">
http://www.perzl.org/aix/</a> and download the following RPM packages on their latest versions:</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">sudo >= 1.8.11</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">gettext >= 0.10.40</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">openldap >= 2.4.23</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">openssl >= 1.0.1j-1</span><o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore"><span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US" style="color:#1F497D">zlib</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Make sure you don’t have the sudo fileset installed or another sudo rpm package.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Don’t worry about openssl from this RPM package conflicting with the OpenSSL fileset from AIX, they won’t.
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Don’t worry about openldap from this RPM package conflicting with the ldap fileset from AIX, they won’t.
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">(2) Upload the rpm packages to you AIX LPAR and put them all in a directory, I used /tmp/sudopack. [From here on I assume you are root on your LPAR].</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">(3) From the directory where you put your packages run a “rpm -ivh *.rpm --test” and if all goes well proceed without the “--test”, otherwise sort out the dependencies and conflicts like the grown
man you are :).</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">(4) Once the rpms are installed, add the following line to the bottom of your /etc/netsvc.conf file: sudoers = files, ldap</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I know this is not expected syntax according to IBM’s netsvc.conf documentation, but sudo requires it to work with ldap. According to sudo’s documentation it uses that line on netsvc.conf to emulate
what sudo would expect to find on /etc/nsswitch.conf on a Linux machine [hack much?].</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">(5) Create a file called /etc/ldap.conf . This has nothing to do with the /etc/security/ldap/ldap.cfg file you use to configure AIX’s LDAP, this is OpenLdap’s config only used by sudo. Don’t worry,
this won’t conflict with AIX’s LDAP functionality.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Add this to your /etc/ldap.conf:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">tls_cacert /etc/ipa/ca.crt</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">uri <a href="ldap://youripaserver.domain.com">
ldap://youripaserver.domain.com</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">binddn uid=sudo,cn=sysaccounts,cn=etc,dc=domain,dc=com</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">bindpw yourclientpassword</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">sudoers_base ou=sudoers,dc=domain,dc=com</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">(6) Create a directory called /etc/ipa and download your ca certificate file and place it there. Make sure to permission the directory 755 and the ca.crt file 644.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">(7) And that’s pretty much it, no need to edit a single line on /etc/sudoers. The /etc/sudoers file I have on my LPARs is the one that comes with the rpm, unchanged.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Log into your LPAR with a domain user and try running “sudo -l”, it should output the sudo rules you set on the IPA server.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I hope this helps you and other AIX client users out there.</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:PT-BR"><br>
Would you mind creating a howto page on the IPA wiki?<br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Atenciosamente/Best Regards</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz Fernando Vianna da Silva</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I - Operação Cielo</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55 (11) 3626-7126
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T I V I T<br>
</span></b><b><span style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av. Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São Paulo - SP - CEP 05804-900</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="http://www.tivit.com.br/" title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span style="color:gray">www.tivit.com.br</span></a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você a tenha
recebido por engano, queira, por favor, retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A TIVIT não se responsabilizará pelo conteúdo ou
pela veracidade desta informação.</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">De:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">
Yves Degauquier [<a href="mailto:yves@degauquier.net">mailto:yves@degauquier.net</a>]
<br>
<b>Enviada em:</b> quarta-feira, 1 de abril de 2015 14:03<br>
<b>Para:</b> Luiz Fernando Vianna da Silva<br>
<b>Assunto:</b> Re: [Freeipa-users] FreeIPA integration with AIX and sudo</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Luiz,<br>
<br>
I was not able to make it running, I was a bit lost with the LDAP, PAM, LAM configuration, and didn't found any idea with Google...<br>
<br>
If you can share the solution or point me to some important point to do, I will be happy.<br>
<br>
Thanks in advance,<br>
<br>
Best regards,<br>
<br>
Yves<o:p></o:p></p>
<div>
<p class="MsoNormal">On 01/04/15 18:57, Luiz Fernando Vianna da Silva wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hello Yves.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I was browsing the mailing list archives and found your email from December 2013 (<a href="https://www.redhat.com/archives/freeipa-users/2013-December/msg00083.html">https://www.redhat.com/archives/freeipa-users/2013-December/msg00083.html</a>).</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I have successfully found a way to have sudo on AIX work with the sudo rules on IPA, just like Linux clients.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Give me a reply if you haven’t figured out a way to make this work and I’ll send you the solution I came up with.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Atenciosamente/Best Regards</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz Fernando Vianna da Silva</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I - Operação Cielo</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55 (11) 3626-7126
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T I V I T<br>
</span></b><b><span style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av. Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São Paulo - SP - CEP 05804-900</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a href="http://www.tivit.com.br/" title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span style="color:gray">www.tivit.com.br</span></a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você a tenha
recebido por engano, queira, por favor, retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A TIVIT não se responsabilizará pelo conteúdo ou
pela veracidade desta informação.</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:PT-BR"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Thank you,<o:p></o:p></pre>
<pre>Dmitri Pal<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Sr. Engineering Manager IdM portfolio<o:p></o:p></pre>
<pre>Red Hat, Inc.<o:p></o:p></pre>
</div>
</body>
</html>