[Freeipa-users] Valid documentation for sudo setup for version 4.0.3
Alexander Bokovoy
abokovoy at redhat.com
Fri Oct 17 05:59:22 UTC 2014
On Fri, 17 Oct 2014, Vaclav Adamec wrote:
>Hi,
> is there any valid documentation/setup to get sudo working?
>http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/example-configuring-sudo.html
>is not usable, modification of another files are needed to get at least
>attempts to ldap (for example on CentOS /etc/sudo-ldap.conf). Other
>documentation or googled setup seems to sometimes mixture of not very
>compatible settings.
>
>So far all attempts fails, if you want to see actual setup and state see
>public gist -
>https://gist.github.com/VAdamec/58880b3bb476a0b826e6#file-freeipa-403-debug-log
>
>Any help would be appreciated, also if there is any public
>training/certification please get me know (I found only RedHat which is
>based on older versions)
FreeIPA 4.0.3 has sudo configuration integrated into ipa-client-install
by default. If you don't want to use that, you can run
ipa-client-install --no-sudo.
Now, I'm confused by your logs. They are a mixture of unrelated things:
- you have nslcd and sssd configured at the same time. Why?
- you don't need to configure /etc/sudo-ldap.conf if you are using
sssd.
As Dmitri said, configuration described in
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
and also covered in SSSD manual pages, sssd-sudo(5). In particular, it
says since sssd 1.10.0:
-----------
When the SSSD is configured to use IPA as the ID provider, the sudo
provider is automatically enabled. The sudo search base is configured to
use the compat tree (ou=sudoers,$DC).
-----------
Prior to that it included detailed configuration how to set up sudo for
SSSD with IPA provider.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list