<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04/06/2015 03:16 PM, Luiz Fernando
Vianna da Silva wrote:<br>
</div>
<blockquote
cite="mid:1B1DB5490C5E3A408CA3086D02CD34FA040E2C6B@rctr246"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Trebuchet MS";
panose-1:2 11 6 3 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Pré-formatação HTML Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Texto de balão Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.Pr-formataoHTMLChar
{mso-style-name:"Pré-formatação HTML Char";
mso-style-priority:99;
mso-style-link:"Pré-formatação HTML";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.TextodebaloChar
{mso-style-name:"Texto de balão Char";
mso-style-priority:99;
mso-style-link:"Texto de balão";
font-family:"Tahoma","sans-serif";
color:black;
mso-fareast-language:EN-US;}
span.EstiloDeEmail22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EstiloDeEmail23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EstiloDeEmail24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EstiloDeEmail25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1168709267;
mso-list-type:hybrid;
mso-list-template-ids:2031918816 68550657 68550659 68550661 68550657 68550659 68550661 68550657 68550659 68550661;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:"&\#61623";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:"&\#61607";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:"&\#61623";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:"&\#61607";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:"&\#61623";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:"&\#61607";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hello Dmitri.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
finally managed to write the wiki article on configuring
sudo on AIX!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Here
is the URL: <a moz-do-not-send="true"
href="http://www.freeipa.org/page/SUDO_Integration_for_AIX">
http://www.freeipa.org/page/SUDO_Integration_for_AIX</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
also added a reference to it on the
<a moz-do-not-send="true"
href="http://www.freeipa.org/page/HowTos#General">http://www.freeipa.org/page/HowTos#General</a>
page as well as a topic on the
<a moz-do-not-send="true"
href="http://www.freeipa.org/page/ConfiguringUnixClients">http://www.freeipa.org/page/ConfiguringUnixClients</a>
page pointing to the article.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
hope its format is up to code with FreeIPA’s formatting
standards and that the language used is clear.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
Very nice!<br>
Thanks a lot!<br>
Looks great!<br>
<br>
<blockquote
cite="mid:1B1DB5490C5E3A408CA3086D02CD34FA040E2C6B@rctr246"
type="cite">
<div class="WordSection1">
<div>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Atenciosamente/Best
Regards</span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:PT-BR"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><span
style="font-size:10.0pt;font-family:"Trebuchet
MS","sans-serif";mso-fareast-language:PT-BR"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz
Fernando Vianna da Silva<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I
- Operação Cielo<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55
(11) 3626-7126
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true"
href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T
I V I T<br>
</span></b><b><span
style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av.
Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São
Paulo - SP - CEP 05804-900<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true" href="http://www.tivit.com.br/"
title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span
style="color:gray">www.tivit.com.br</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta
mensagem, incluindo seus anexos, tem caráter confidencial
e seu conteúdo é restrito ao destinatário da mensagem.
Caso você a tenha recebido por engano, queira, por favor,
retorná-la ao destinatário e apagá-la de seus arquivos.
Qualquer uso não autorizado, replicação ou disseminação
desta mensagem ou parte dela é expressamente proibido. A
TIVIT não se responsabilizará pelo conteúdo ou pela
veracidade desta informação.</span><span
style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:PT-BR"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">De:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">
Luiz Fernando Vianna da Silva <br>
<b>Enviada em:</b> quinta-feira, 2 de abril de 2015
14:41<br>
<b>Para:</b> '<a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com">dpal@redhat.com</a>'; <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Assunto:</b> RES: [Freeipa-users] RES: FreeIPA
integration with AIX and sudo<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Hi
Dmitri.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Working
on it right now. :)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"
lang="EN-US">Atenciosamente/Best Regards</span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:PT-BR"
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><span
style="font-size:10.0pt;font-family:"Trebuchet
MS","sans-serif";mso-fareast-language:PT-BR"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz
Fernando Vianna da Silva<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I
- Operação Cielo<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55
(11) 3626-7126
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true"
href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T
I V I T<br>
</span></b><b><span
style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av.
Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São
Paulo - SP - CEP 05804-900<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true" href="http://www.tivit.com.br/"
title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span
style="color:gray">www.tivit.com.br</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta
mensagem, incluindo seus anexos, tem caráter confidencial
e seu conteúdo é restrito ao destinatário da mensagem.
Caso você a tenha recebido por engano, queira, por favor,
retorná-la ao destinatário e apagá-la de seus arquivos.
Qualquer uso não autorizado, replicação ou disseminação
desta mensagem ou parte dela é expressamente proibido. A
TIVIT não se responsabilizará pelo conteúdo ou pela
veracidade desta informação.</span><span
style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#1F497D;mso-fareast-language:PT-BR"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">De:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">
<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>]
<b>Em nome de </b>Dmitri Pal<br>
<b>Enviada em:</b> quinta-feira, 2 de abril de 2015
10:23<br>
<b>Para:</b> <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Assunto:</b> Re: [Freeipa-users] RES: FreeIPA
integration with AIX and sudo<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 04/01/2015 01:58 PM, Luiz Fernando
Vianna da Silva wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Hi Yves.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">First a little background information
regarding sudo on AIX: Most sudo packages compiled for
AIX are _<i>NOT</i>_ compiled with LDAP support.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Although sudo’s documentation states that
sudo supports different LDAP implementations, other than
OpenLDAP, I suppose it doesn’t work well with AIX’s LDAP
fileset.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">That’s my guess why most sudo packages for
AIX aren’t compiled with LDAP support. [BTW, you can
check this by running, as root, sudo -V</span><span
lang="EN-US">
</span><span style="color:#1F497D" lang="EN-US">| grep -i
ldap].</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">The good news is that Michel Perzl, has
successfully compiled a sudo package with LDAP support,
although its compiled against OpenLDAP and not AIX’s
LDAP fileset.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">So, here is how I did it:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">(1) Go to <a moz-do-not-send="true"
href="http://www.perzl.org/aix/">
http://www.perzl.org/aix/</a> and download the
following RPM packages on their latest versions:</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-family:Symbol"><span style="mso-list:Ignore"><span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:#1F497D" lang="EN-US">sudo >= 1.8.11</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-family:Symbol"><span style="mso-list:Ignore"><span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:#1F497D" lang="EN-US">gettext >= 0.10.40</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-family:Symbol"><span style="mso-list:Ignore"><span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:#1F497D" lang="EN-US">openldap >= 2.4.23</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-family:Symbol"><span style="mso-list:Ignore"><span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:#1F497D" lang="EN-US">openssl >=
1.0.1j-1</span><o:p></o:p></p>
<p class="MsoListParagraph"
style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><!--[if !supportLists]--><span
style="font-family:Symbol"><span style="mso-list:Ignore"><span
style="font:7.0pt "Times New Roman"">
</span></span></span><!--[endif]--><span
style="color:#1F497D" lang="EN-US">zlib</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Make sure you don’t have the sudo fileset
installed or another sudo rpm package.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Don’t worry about openssl from this RPM
package conflicting with the OpenSSL fileset from AIX,
they won’t.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Don’t worry about openldap from this RPM
package conflicting with the ldap fileset from AIX, they
won’t.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">(2) Upload the rpm packages to you AIX LPAR
and put them all in a directory, I used /tmp/sudopack.
[From here on I assume you are root on your LPAR].</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">(3) From the directory where you put your
packages run a “rpm -ivh *.rpm --test” and if all goes
well proceed without the “--test”, otherwise sort out
the dependencies and conflicts like the grown man you
are :).</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">(4) Once the rpms are installed, add the
following line to the bottom of your /etc/netsvc.conf
file: sudoers = files, ldap</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">I know this is not expected syntax
according to IBM’s netsvc.conf documentation, but sudo
requires it to work with ldap. According to sudo’s
documentation it uses that line on netsvc.conf to
emulate what sudo would expect to find on
/etc/nsswitch.conf on a Linux machine [hack much?].</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">(5) Create a file called /etc/ldap.conf .
This has nothing to do with the
/etc/security/ldap/ldap.cfg file you use to configure
AIX’s LDAP, this is OpenLdap’s config only used by sudo.
Don’t worry, this won’t conflict with AIX’s LDAP
functionality.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Add this to your /etc/ldap.conf:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">tls_cacert
/etc/ipa/ca.crt</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">uri <a moz-do-not-send="true"
href="ldap://youripaserver.domain.com">
ldap://youripaserver.domain.com</a></span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">binddn
uid=sudo,cn=sysaccounts,cn=etc,dc=domain,dc=com</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">bindpw yourclientpassword</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">sudoers_base ou=sudoers,dc=domain,dc=com</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">(6) Create a directory called /etc/ipa and
download your ca certificate file and place it there.
Make sure to permission the directory 755 and the ca.crt
file 644.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">(7) And that’s pretty much it, no need to
edit a single line on /etc/sudoers. The /etc/sudoers
file I have on my LPARs is the one that comes with the
rpm, unchanged.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">Log into your LPAR with a domain user and
try running “sudo -l”, it should output the sudo rules
you set on the IPA server.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"
lang="EN-US">I hope this helps you and other AIX client
users out there.</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:PT-BR"><br>
Would you mind creating a howto page on the IPA wiki?<br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"
lang="EN-US">Atenciosamente/Best Regards</span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz
Fernando Vianna da Silva</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I
- Operação Cielo</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55
(11) 3626-7126
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true"
href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T
I V I T<br>
</span></b><b><span
style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av.
Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São
Paulo - SP - CEP 05804-900</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true" href="http://www.tivit.com.br/"
title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span
style="color:gray">www.tivit.com.br</span></a></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta
mensagem, incluindo seus anexos, tem caráter confidencial
e seu conteúdo é restrito ao destinatário da mensagem.
Caso você a tenha recebido por engano, queira, por favor,
retorná-la ao destinatário e apagá-la de seus arquivos.
Qualquer uso não autorizado, replicação ou disseminação
desta mensagem ou parte dela é expressamente proibido. A
TIVIT não se responsabilizará pelo conteúdo ou pela
veracidade desta informação.</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">De:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:PT-BR">
Yves Degauquier [<a moz-do-not-send="true"
href="mailto:yves@degauquier.net">mailto:yves@degauquier.net</a>]
<br>
<b>Enviada em:</b> quarta-feira, 1 de abril de 2015
14:03<br>
<b>Para:</b> Luiz Fernando Vianna da Silva<br>
<b>Assunto:</b> Re: [Freeipa-users] FreeIPA integration
with AIX and sudo</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Luiz,<br>
<br>
I was not able to make it running, I was a bit lost with the
LDAP, PAM, LAM configuration, and didn't found any idea with
Google...<br>
<br>
If you can share the solution or point me to some important
point to do, I will be happy.<br>
<br>
Thanks in advance,<br>
<br>
Best regards,<br>
<br>
Yves<o:p></o:p></p>
<div>
<p class="MsoNormal">On 01/04/15 18:57, Luiz Fernando Vianna
da Silva wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hello Yves.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I was browsing the
mailing list archives and found your email from December
2013 (<a moz-do-not-send="true"
href="https://www.redhat.com/archives/freeipa-users/2013-December/msg00083.html">https://www.redhat.com/archives/freeipa-users/2013-December/msg00083.html</a>).</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I have successfully
found a way to have sudo on AIX work with the sudo rules
on IPA, just like Linux clients.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Give me a reply if you
haven’t figured out a way to make this work and I’ll send
you the solution I came up with.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Atenciosamente/Best
Regards</span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">__________________________________________</span></b><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Luiz
Fernando Vianna da Silva</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.5pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">ITM-I
- Operação Cielo</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">+55
(11) 3626-7126
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true"
href="mailto:luiz.vianna@tivit.com.br">luiz.vianna@tivit.com.br</a></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif";mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-family:"Arial","sans-serif";color:red;mso-fareast-language:PT-BR">T
I V I T<br>
</span></b><b><span
style="color:red;mso-fareast-language:PT-BR"><br>
</span></b><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">Av.
Maria Coelho Aguiar, 215 - Bloco D - 5˚ Andar</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR">São
Paulo - SP - CEP 05804-900</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Arial","sans-serif";color:gray;mso-fareast-language:PT-BR"><a
moz-do-not-send="true" href="http://www.tivit.com.br/"
title="http://www.tivit.com.br/
blocked::mailto:Camila.silva@tivit.com.br
mailto:Camila.silva@tivit.com.br"><span
style="color:gray">www.tivit.com.br</span></a></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:PT-BR"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:7.0pt;font-family:"Arial","sans-serif";color:#999999;mso-fareast-language:PT-BR">Esta
mensagem, incluindo seus anexos, tem caráter confidencial
e seu conteúdo é restrito ao destinatário da mensagem.
Caso você a tenha recebido por engano, queira, por favor,
retorná-la ao destinatário e apagá-la de seus arquivos.
Qualquer uso não autorizado, replicação ou disseminação
desta mensagem ou parte dela é expressamente proibido. A
TIVIT não se responsabilizará pelo conteúdo ou pela
veracidade desta informação.</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:PT-BR"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:PT-BR"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Thank you,<o:p></o:p></pre>
<pre>Dmitri Pal<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Sr. Engineering Manager IdM portfolio<o:p></o:p></pre>
<pre>Red Hat, Inc.<o:p></o:p></pre>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>