[Freeipa-users] sudo made a bit easier to configure
Han Boetes
hboetes at gmail.com
Thu Dec 20 15:43:08 UTC 2012
Hi,
I discovered that using this recipe makes setting up sudo-ldap very simple.
Even when anonymous binds is disabled.
TLS_CACERT /etc/ipa/ca.crt
TLS_REQCERT demand
SASL_MECH GSSAPI
BASE dc=domain,dc=com
URI ldap://auth-ipa.domain.com
ROOTUSE_SASL on
SUDOERS_BASE ou=SUDOers,dc=domain,dc=com
SUDOERS_DEBUG 2
Of course you can set DEBUG to 0 once everything works.
I'd like to share this since the docs on the freeipa site on how to set up
sudo were quite a bit more complicated.
# Han
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121220/6d2f18af/attachment.htm>
More information about the Freeipa-users
mailing list