LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page SSSD SUDO ldap enabled issues
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 12-09-2014, 08:02 AM   #1
CaptKrunch
LQ Newbie
 
Registered: Dec 2014
Posts: 4

Rep: Reputation: Disabled
SSSD SUDO ldap enabled issues

Hi there!

I've been struggling with this for a while now and I can't seem to wrap my brain around it.

I've followed the basic of how to export all your SUDO rules to LDAP and make SSSD read them, but for some reason, it won't allow the people in the group to get access to those rules.

So far, this is what I've done:

1. Import the sudo SCHEMA in my ldap server. I can confirmed it worked (sudoRole)objectClass
2. create the ou ou=SUDOers,dc=domain,dc=local
3. create the rule:
Code:
dn: cn=test,ou=SUDOers,dc=domain,dc=local
objectClass: top
objectClass: sudoRole
cn: test
sudoUser: +unix_group
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
4: In my sssd.conf, I have the usual options that you will find in this typical setup.
Code:
[domain/default]
ldap_sudo_search_base = ou=SUDOers,dc=domain,dc=local
...
....
[sudo]
the +unix_group is a group inside ldap that has all users that I want the cn=test rule to apply to.

Am I doing this right? So far, it's not working for me, the error i'm having is "user is not allowed to run sudo on palpatine.

Thanks
Last edited by CaptKrunch; 12-09-2014 at 08:04 AM.
 
Old 12-09-2014, 04:36 PM   #2
buttugly
Member
 
Registered: Feb 2006
Distribution: distrohopper
Posts: 58

Rep: Reputation: 16
https://fedoraproject.org/wiki/Featu...SD#How_To_Test

http://www.openldap.org/lists/openld.../msg00116.html


This one not so much...

http://unix.stackexchange.com/questi...th-user-groups

as it was never answered.
 
Old 12-10-2014, 05:49 AM   #3
CaptKrunch
LQ Newbie
 
Registered: Dec 2014
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks for the link buttugly. I've already seen those links unfortunately.

I'm following the same settings as they are using. The sudoUSer +unix_group is actually an ldap group with members inside.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSSD Kerberos/LDAP authentication issues with AD turbosur Linux - Networking 0 11-19-2014 12:45 PM
SSSD does not receive sudo rules from Samba (but ldapsearch works) teekeino Linux - Server 2 08-17-2014 09:02 PM
[SOLVED] sssd-sudo Issues ranmanh Linux - Server 1 08-06-2014 06:34 AM
[SOLVED] sssd ldap authentication against samba4 not working anindyameister Linux - Newbie 1 09-30-2013 07:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:08 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration