[Freeipa-users] Valid documentation for sudo setup for version 4.0.3

Alexander Bokovoy abokovoy at redhat.com
Fri Oct 17 05:59:22 UTC 2014


On Fri, 17 Oct 2014, Vaclav Adamec wrote:
>Hi,
> is there any valid documentation/setup to get sudo working?
>http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/example-configuring-sudo.html
>is not usable; modification of other files is needed to get at least
>attempts to ldap (for example on CentOS /etc/sudo-ldap.conf). Other
>documentation or googled setups seem to sometimes be a mixture of not very
>compatible settings.
>
>So far all attempts fail; if you want to see the actual setup and state, see
>the public gist -
>https://gist.github.com/VAdamec/58880b3bb476a0b826e6#file-freeipa-403-debug-log
>
>Any help would be appreciated; also, if there is any public
>training/certification please let me know (I found only RedHat, which is
>based on older versions)

FreeIPA 4.0.3 has sudo configuration integrated into ipa-client-install
by default. If you don't want to use that, you can run
ipa-client-install --no-sudo.

Now, I'm confused by your logs. They are a mixture of unrelated things:

 - you have nslcd and sssd configured at the same time. Why?
 - you don't need to configure /etc/sudo-ldap.conf if you are using
   sssd.

As Dmitri said, the configuration is described in
http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
and is also covered in the SSSD manual pages, sssd-sudo(5). In particular, it
says since sssd 1.10.0:
-----------
When the SSSD is configured to use IPA as the ID provider, the sudo
provider is automatically enabled. The sudo search base is configured to
use the compat tree (ou=sudoers,$DC).
-----------

Prior to that, it included a detailed configuration for setting up sudo for
SSSD with the IPA provider.


-- 
/ Alexander Bokovoy
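
A check for the mixed setup the reply points out (nslcd next to sssd, a configured /etc/sudo-ldap.conf), as an added example that is not part of the original thread. The `sss` source on the nsswitch `sudoers` line and the `sudo` entry in the sssd `services` list are standard sudo/SSSD settings assumed here rather than quoted from the message; the sample tree and host names are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT lets the check run on a test tree.
has_active_lines() {   # true if the file has a non-blank, non-comment line
    grep -Eq '^[[:space:]]*[^#[:space:]]' "$1" 2>/dev/null
}

check_sudo_sssd() {
    root="${1:-}"; issues=0
    nss="$root/etc/nsswitch.conf"; conf="$root/etc/sssd/sssd.conf"
    flag() { echo "ISSUE: $1"; issues=$((issues + 1)); }

    # sudo consults SSSD only when the sudoers line in nsswitch.conf lists "sss".
    grep -Eq '^[[:space:]]*sudoers:(.*[[:space:]])?sss([[:space:]]|$)' "$nss" 2>/dev/null \
        || flag "sudoers line in $nss has no 'sss' source"
    # A remaining "ldap" source means sudo still goes through sudo-ldap.
    grep -Eq '^[[:space:]]*sudoers:(.*[[:space:]])?ldap([[:space:]]|$)' "$nss" 2>/dev/null \
        && flag "sudoers line in $nss still lists 'ldap'"
    # With id_provider = ipa the sudo provider is enabled automatically (sssd >= 1.10.0).
    grep -Eq '^[[:space:]]*id_provider[[:space:]]*=[[:space:]]*ipa[[:space:]]*$' "$conf" 2>/dev/null \
        || flag "no 'id_provider = ipa' in $conf"
    # Assumption: the sudo responder is started via the [sssd] services line.
    grep -Eq '^[[:space:]]*services[[:space:]]*=(.*[,[:space:]])?sudo([,[:space:]]|$)' "$conf" 2>/dev/null \
        || flag "'sudo' missing from services in $conf"
    # Leftovers of the sudo-ldap / nslcd path, which is not needed with sssd.
    has_active_lines "$root/etc/sudo-ldap.conf" && flag "active settings in /etc/sudo-ldap.conf"
    has_active_lines "$root/etc/nslcd.conf" && flag "nslcd is configured alongside sssd"

    [ "$issues" -eq 0 ]
}

# Constructed sample tree with a mixed sudo-ldap/sssd configuration.
demo() {
    t=$(mktemp -d); mkdir -p "$t/etc/sssd"
    printf 'sudoers: files ldap\n' > "$t/etc/nsswitch.conf"
    printf '[sssd]\nservices = nss, pam\n[domain/example.test]\nid_provider = ipa\n' > "$t/etc/sssd/sssd.conf"
    printf 'uri ldap://ipa.example.test\n' > "$t/etc/sudo-ldap.conf"
    rc=0; check_sudo_sssd "$t" || rc=$?
    rm -rf "$t"; return "$rc"
}
demo || true
```

Calling `check_sudo_sssd` with no argument inspects the live /etc of the client.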