[Freeipa-users] RHEL 6.3 identity manual - IPA

Rob Crittenden rcritten at redhat.com
Fri Aug 24 13:07:06 UTC 2012


Steven Jones wrote:
> Hi,
>
> Except the doc says nss_ldap.conf when it's actually ldap.conf... so doc is wrong.
>
> "4. Edit the NSS/LDAP configuration file and add the following sudo-related lines to the
> /etc/nss_ldap.conf file:"
>
> should read,
>
> "4. Edit the NSS/LDAP configuration file and add the following sudo-related lines to the
> /etc/ldap.conf file:"
>
> Unless someone can point out how sudo should be done....but it works this way.

It would be very helpful if you could file bugs at 
http://bugzilla.redhat.com on the documentation when you find errors. We 
review them before publishing but we miss things from time to time 
(clearly).

The component to use is doc-Enterprise_Identity_Management_Guide.

thanks

rob

>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
> Sent: Friday, 24 August 2012 11:16 a.m.
> Cc: Freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
>
> Hi,
>
> Just found this doc,
>
> Red Hat Enterprise Linux 5.8
> Configuring Identity Management
>
> So I'm working through it.
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Stephen Ingram [sbingram at gmail.com]
> Sent: Friday, 24 August 2012 11:00 a.m.
> To: Steven Jones
> Cc: Freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
>
> On Thu, Aug 23, 2012 at 2:26 PM, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
>> Some notes on the identity manual which says it's for RHEL6,
>>
>> "13.4.2. Client Configuration for sudo Rules This example specifically
>> configures a Red Hat Enterprise Linux 6 client for sudo rules.
>>
>> 8><----
>>
>> 2. Enable debug logging for sudo operations in the /etc/ldap.conf file. If
>> this file does not exist, it can be created. vim /etc/ldap.conf
>> sudoers_debug:
>>
>> It seems for a RHEL6 client it's /etc/sudo-ldap.conf
>>
>> ditto 4.
>>
>> Edit the NSS/LDAP configuration file and add the following sudo-related
>> lines to the
>> /etc/nslcd.conf file:
>> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
>> bindpw sudo_password
>> ssl start_tls
>> tls_cacertfile /etc/ipa/ca.crt
>> tls_checkpeer yes
>> bind_timelimit 5
>> timelimit 15
>> uri ldap://ipaserver.example.com ldap://backup.example.com:3890
>> sudoers_base ou=SUDOers,dc=example,dc=com
>>
>> It seems for a RHEL6 client it's /etc/sudo-ldap.conf
>>
>> So is that section referring to RHEL5?
>
> Most likely. /etc/sudo-ldap.conf is new with RHEL 6.3. Before that
> (6.0-6.2) you had to use /etc/nslcd.conf. RHEL 5 series used a
> different configuration altogether. I think that will eventually
> change too as this becomes handled directly by sssd. Not a moment too
> soon if you ask me. There are so many competing ways to set this up,
> each with varying advantages and disadvantages. This is probably why
> RH decided to just write sssd from scratch such that they could handle
> all of the existing setups as well as new stuff like laptops out of
> the office that need cached credentials and such.
>
> Steve
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users