| Summary: | nslcd fails to start if it has keywords as 'sudoers_base' and 'sudoers_debug'. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Gowrishankar Rajaiyan <grajaiya> |
| Component: | nss-pam-ldapd | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.2 | CC: | jgalipea, jhrozek, mniranja, prc |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-09-08 16:38:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
sudo needs to have its own configuration file. Depending on configuration files from other packages which may or may not be installed (and requiring nslcd so that its configuration file will be there, even if the system uses something else like SSSD) will inevitably break. |
Description of problem: Version-Release number of selected component (if applicable): # rpm -q sudo nss-pam-ldapd sudo-1.7.4p5-7.el6.i686 nss-pam-ldapd-0.7.5-9.el6.i686 How reproducible: Always Steps to Reproduce: 1. Configure /etc/nslcd.conf as: # grep ^[^#] /etc/nslcd.conf uid nslcd gid ldap sudoers_base ou=SUDOers,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com binddn uid=sudo,cn=sysaccounts,cn=etc,dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com bindpw bind123 ssl no tls_cacertfile /etc/ipa/ca.crt bind_timelimit 5 timelimit 15 BASE dc=lab,dc=eng,dc=pnq,dc=redhat,dc=com TLS_CACERTDIR /etc/ipa uri ldap://bumblebee.lab.eng.pnq.redhat.com 2. service nslcd restart 3. Actual results: # service nslcd restart Stopping nslcd: [ OK ] Starting nslcd: nslcd: /etc/nslcd.conf:132: unknown keyword: 'sudoers_base' [FAILED] However, sudo works as expected if you have "sudoers_base" and "sudoers_debug" in /etc/nslcd.conf. Expected results: nslcd should recognize these keywords. As per the fix in https://bugzilla.redhat.com/show_bug.cgi?id=709235 sudo now searches the /etc/nslcd.conf file, hence the sudoers_base and sudoers_debug keywords should be recognized and nslcd should start without any failures. Additional info: https://bugzilla.redhat.com/show_bug.cgi?id=709235