[Freeipa-users] sudo made a bit easier to configure
Martin Kosek
mkosek at redhat.com
Fri Dec 21 12:22:16 UTC 2012
On 12/20/2012 04:43 PM, Han Boetes wrote:
> Hi,
>
> I discovered that using this recipe makes setting up sudo-ldap very simple.
> Even when anonymous binds is disabled.
>
> TLS_CACERT /etc/ipa/ca.crt
> TLS_REQCERT demand
> SASL_MECH GSSAPI
> BASE dc=domain,dc=com
> URI ldap://auth-ipa.domain.com <http://auth-ipa.domain.com>
> ROOTUSE_SASL on
> SUDOERS_BASE ou=SUDOers,dc=domain,dc=com
> SUDOERS_DEBUG 2
>
> Of course you can set DEBUG to 0 once everything works.
>
> I'd like to share this since the docs on the freeipa site on how to set up sudo
> were quite a bit more complicated.
>
>
> # Han
>
Hello Han,
Thanks! I will forward this example to our doc guys to see if we can make the
sudo client configuration example easier to follow.
Martin
More information about the Freeipa-users
mailing list