[Freeipa-users] Valid documentation for sudo setup for version 4.0.3

Alexander Bokovoy abokovoy at redhat.com
Fri Oct 17 05:59:22 UTC 2014

On Fri, 17 Oct 2014, Vaclav Adamec wrote:
> is there any valid documentation/setup to get sudo working?
>is not usable, modification of another files are needed to get at least
>attempts to ldap (for example on CentOS /etc/sudo-ldap.conf). Other
>documentation or googled setup seems to sometimes mixture of not very
>compatible settings.
>So far all attempts fails, if you want to see actual setup and state see
>public gist -
>Any help would be appreciated, also if there is any public
>training/certification please get me know (I found only RedHat which is
>based on older versions)
FreeIPA 4.0.3 has sudo configuration integrated into ipa-client-install
by default. If you don't want to use that, you can run
ipa-client-install --no-sudo.

Now, I'm confused by your logs. They are a mixture of unrelated things:

 - you have nslcd and sssd configured at the same time. Why?
 - you don't need to configure /etc/sudo-ldap.conf if you are using

As Dmitri said, configuration described in
and also covered in SSSD manual pages, sssd-sudo(5). In particular, it
says since sssd 1.10.0:
When the SSSD is configured to use IPA as the ID provider, the sudo
provider is automatically enabled. The sudo search base is configured to
use the compat tree (ou=sudoers,$DC).

Prior to that it included detailed configuration how to set up sudo for
SSSD with IPA provider.

/ Alexander Bokovoy

More information about the Freeipa-users mailing list