[Freeipa-users] Sudo works for full access, but not on a per command or host level.

Rob Crittenden rcritten at redhat.com
Tue Oct 16 21:44:35 UTC 2012


Macklin, Jason wrote:
> Yes, resolution works correctly at both the host and the freeIPA server.
>
> Dmitri,
>
> I am still quite new to LDAP so I'm not sure exactly what I should be looking for when running ldapsearch.
>
> The attempts that I have made have been less than fruitful though... examples follow
>
> /usr/bin/ldapsearch -I -H ldap://dbduvdu145.dbr.roche.com "ou=SUDOers,dc=dbr,dc=roche,dc=com"
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> 	additional info: SASL(-4): no mechanism available:
>
> This sort of return occurs for both working and non-working users!
>
> As I am new to ldap... is there a specific ldapsearch command/option I should be using?

You want to be authenticated to search the sudo data, so do something like:

  $ kinit admin   # or some user
  $ ldapsearch -Y GSSAPI ...

rob



