[Freeipa-users] RHEL 6.3 identity manual - IPA

Dmitri Pal dpal at redhat.com
Mon Sep 10 12:58:11 UTC 2012


On 08/24/2012 09:07 AM, Rob Crittenden wrote:
> Steven Jones wrote:
>> Hi,
>>
>> Except the doc says nss_ldap.conf when it's actually ldap.conf...so
>> doc is wrong.
>>
>> "4. Edit the NSS/LDAP configuration file and add the following
>> sudo-related lines to the
>> /etc/nss_ldap.conf file:"
>>
>> should read,
>>
>> "4. Edit the NSS/LDAP configuration file and add the following
>> sudo-related lines to the
>> /etc/ldap.conf file:"
>>
>> Unless someone can point out how sudo should be done....but it works
>> this way.
>
> It would be very helpful if you could file bugs at
> http://bugzilla.redhat.com on the documentation when you find errors.
> We review them before publishing but we miss things from time to time
> (clearly).
>
> The component to use is doc-Enterprise_Identity_Management_Guide.

Steven,

Did you have a chance to file any BZs based on the discussion in this
thread?
Thank you for your help and contribution!

Dmitri

>
> thanks
>
> rob
>
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: freeipa-users-bounces at redhat.com
>> [freeipa-users-bounces at redhat.com] on behalf of Steven Jones
>> [Steven.Jones at vuw.ac.nz]
>> Sent: Friday, 24 August 2012 11:16 a.m.
>> Cc: Freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
>>
>> Hi,
>>
>> Just found this doc,
>>
>> Red Hat Enterprise Linux 5.8
>> Configuring Identity Management
>>
>> So I'm working through it.
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________________
>> From: Stephen Ingram [sbingram at gmail.com]
>> Sent: Friday, 24 August 2012 11:00 a.m.
>> To: Steven Jones
>> Cc: Freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] RHEL 6.3 identity manual - IPA
>>
>> On Thu, Aug 23, 2012 at 2:26 PM, Steven Jones
>> <Steven.Jones at vuw.ac.nz> wrote:
>>> Some notes on the identity manual which says it's for RHEL6,
>>>
>>> "13.4.2. Client Configuration for sudo Rules This example specifically
>>> configures a Red Hat Enterprise Linux 6 client for sudo rules.
>>>
>>> 8><----
>>>
>>> 2. Enable debug logging for sudo operations in the /etc/ldap.conf
>>> file. If
>>> this file does not exist, it can be created. vim /etc/ldap.conf
>>> sudoers_debug:
>>>
>>> It seems for a RHEL6 client it's /etc/sudo-ldap.conf
>>>
>>> ditto 4.
>>>
>>> Edit the NSS/LDAP configuration file and add the following sudo-related
>>> lines to the
>>> /etc/nslcd.conf file:
>>> binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
>>> bindpw sudo_password
>>> ssl start_tls
>>> tls_cacertfile /etc/ipa/ca.crt
>>> tls_checkpeer yes
>>> bind_timelimit 5
>>> timelimit 15
>>> uri ldap://ipaserver.example.com ldap://backup.example.com:3890
>>> sudoers_base ou=SUDOers,dc=example,dc=com
>>>
>>> It seems for a RHEL6 client it's /etc/sudo-ldap.conf
>>>
>>> So is that section referring to RHEL5?
>>
>> Most likely. /etc/sudo-ldap.conf is new with RHEL 6.3. Before that
>> (6.0-6.2) you had to use /etc/nslcd.conf. RHEL 5 series used a
>> different configuration altogether. I think that will eventually
>> change too as this becomes handled directly by sssd. Not a moment too
>> soon if you ask me. There are so many competing ways to set this up,
>> each with varying advantages and disadvantages. This is probably why
>> RH decided to just write sssd from scratch such that they could handle
>> all of the existing setups as well as new stuff like laptops out of
>> the office that need cached credentials and such.
>>
>> Steve
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
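
An added example, not part of the thread or of the Red Hat guide: a small Python check over the sudo LDAP client file quoted above, at whichever path the release uses, reporting when the TLS directives from the quoted snippet are absent or when a file holding bindpw is readable beyond its owner. The function names and the weakened sample are constructed here, and the one-directive-per-line format is assumed from the quoted snippet.

```python
import os
import stat
import tempfile

# Constructed sample: the directives quoted in the thread, with TLS weakened
# so the audit has something to report.
SAMPLE = """\
binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
bindpw sudo_password
# ssl start_tls
tls_cacertfile /etc/ipa/ca.crt
tls_checkpeer no
uri ldap://ipaserver.example.com ldap://backup.example.com:3890
sudoers_base ou=SUDOers,dc=example,dc=com
"""

def parse(text):
    """Return {directive: value}; names lowercased, comments skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(path):
    """Return a list of findings for the sudo LDAP client file at path."""
    with open(path) as fh:
        conf = parse(fh.read())
    findings = []
    plain = [u for u in conf.get("uri", "").split() if u.lower().startswith("ldap://")]
    if plain and conf.get("ssl", "").lower() != "start_tls":
        findings.append("ldap:// URI without 'ssl start_tls': bindpw crosses the wire in clear")
    if conf.get("tls_checkpeer", "").lower() not in ("yes", "on", "true"):
        findings.append("tls_checkpeer not enabled: server certificate is not required to verify")
    if "tls_cacertfile" not in conf:
        findings.append("tls_cacertfile missing: no CA named for verifying the server")
    if "bindpw" in conf and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("bindpw present but file is readable beyond its owner")
    return findings

if __name__ == "__main__":
    fd, path = tempfile.mkstemp()
    os.write(fd, SAMPLE.encode())
    os.close(fd)
    os.chmod(path, 0o644)          # constructed: a world-readable copy
    for finding in audit(path):
        print("FINDING:", finding)
    os.remove(path)
```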

