Description of problem:

From: 13.1.1. General sudo Configuration in Identity Management

Because the sudo information is not available anonymously over LDAP by default, Identity Management defines a default sudo user, uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX, which can be set in the LDAP/sudo configuration file, /etc/nslcd.conf. (The /etc/nslcd.conf file is created by the nss-pam-ldapd package. However, if nss-pam-ldapd is not installed, then the /etc/nslcd.conf file can be created manually.)

With the release of RHEL6.3, sudo configuration needs to be in /etc/sudo-ldap.conf (not nslcd.conf).

Refer: https://bugzilla.redhat.com/show_bug.cgi?id=760843

Additional info:

Technical notes from the above bug report.

Cause: Sudo used the /etc/nslcd.conf for configuring the LDAP sudoers sources but the script parsing of this file by the nslcd daemon caused it to terminate when it encountered a sudo specific keyword.

Consequence: No proper way to have both the nslcd daemon running and the LDAP sudoers sources configured.

Fix: Sudo now uses a separate file, /etc/sudo-ldap.conf, for configuring LDAP sudoers sources.

Result: Sudo uses its own file for configuring the sudoers LDAP source and does not interfere with any other program.

Also in section 13.4.2. Client Configuration for sudo Rules:

Enable debug logging for sudo operations in the /etc/ldap.conf file. If this file does not exist, it can be created.

vim /etc/ldap.conf
sudoers_debug: 1

it should be /etc/sudo-ldap.conf

Also there are many instances of /etc/nslcd.conf for sudo configuration, please replace them with /etc/sudo-ldap.conf

Version-Release number of selected component (if applicable):

Red Hat Enterprise Linux 6.3 (sudo 1.7.4p5-8 or newer)

As the sudo ldap.conf file changes depending on the version you have - I would suggest adding the following so that the user can verify the correct location:

# sudo -V | grep "^ldap.conf"

The list of different files (that I have recorded) are:

RHEL 6.0: sudo-1.7.2p2-9.el6
# sudo -V | egrep "version|^ldap.conf"
Sudo version 1.7.2p2
ldap.conf path: /etc/ldap.conf

RHEL6.1: sudo-1.7.4p5-5.el6
Sudo version 1.7.4p5
ldap.conf path: /etc/nss_ldap.conf

RHEL6.2: sudo-1.7.4p5-7.el6
Sudo version 1.7.4p5
ldap.conf path: /etc/nslcd.conf

RHEL6.3: sudo-1.7.4p5-13.el6_3.x86_64
Sudo version 1.7.4p5
ldap.conf path: /etc/sudo-ldap.conf

This also needs to be updated in the v5 documentation: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/Configuring_Identity_Management/index.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules (Step 4) as the latest file is /etc/ldap.conf not nss_ldap.conf for sudo-1.7.2p1-13.el5 on RHEL 5.8. (Let me know if a separate BZ needs to be raised for this).

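
Added example, not part of the original report: a shell check built on the `sudo -V` suggestion in the comment above. It extracts the ldap.conf path compiled into sudo and flags `sudoers_*` settings left in a file that this sudo build does not read; the candidate file list comes from the versions recorded above, and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the RHEL 6.3 lines quoted in the comment above.
SAMPLE_SUDO_V='Sudo version 1.7.4p5
ldap.conf path: /etc/sudo-ldap.conf'

# Files this report names as the sudo LDAP config across sudo builds.
CANDIDATES='/etc/ldap.conf /etc/nss_ldap.conf /etc/nslcd.conf /etc/sudo-ldap.conf'

# Read `sudo -V` output on stdin; print the ldap.conf path compiled into sudo.
# (Hypothetical helper name, not part of sudo.)
sudo_ldap_conf_path() {
    sed -n 's/^ldap\.conf path:[[:space:]]*//p' | head -n 1
}

# Print file:line:text for sudo-only settings (sudoers_*) that sit in a file
# sudo does not read. $1 = active path, remaining args = files to inspect.
# Such lines are ignored by sudo and, per the technical notes above, a
# sudo-specific keyword in /etc/nslcd.conf made the nslcd daemon terminate.
stale_sudo_keys() {
    active=$1; shift
    for f in "$@"; do
        [ "$f" = "$active" ] && continue   # settings here are in the right place
        [ -r "$f" ] || continue            # skip files that do not exist
        grep -HinE '^[[:space:]]*sudoers_' "$f" || true
    done
    return 0
}

# Demo on the constructed sample; on a real host, pipe `sudo -V` in instead.
active=$(printf '%s\n' "$SAMPLE_SUDO_V" | sudo_ldap_conf_path)
echo "sudo reads LDAP settings from: $active"
stale_sudo_keys "$active" $CANDIDATES
```
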
Mass closure.