Red Hat Bugzilla – Bug 860386
new /etc/sudo-ldap.conf configuration file problems
Last modified: 2013-02-28 19:33:55 EST
Description of problem: Bug 760843 (https://bugzilla.redhat.com/show_bug.cgi?id=760843) is CLOSED ERRATA. It is released in ERRATA http://rhn.redhat.com/errata/RHBA-2012-0905.html. However, the changes have multiple problems: 1. De most severe is that the Identity Management Guide is not updated to this new situation. Especially the instructions to configure ipa clients for sudo thru ldap (https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules). 2. The newly installed /etc/sudo-ldap.conf has some of the entries from the old /etc/nslcd.conf, but not all. However, all the entries from the documentation are needed. It would be nice is that is reflected in the file commented out entries. 3. The permissions of /etc/sudo-ldap does not seem to be correct. It is 440. Shouldn't it be 640? Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Read par 13.4.2 of Identity Management Guide for RHEL6.3 2. Configure system accordingly 3. See if it works (it doesn't) Actual results: Sudo does not query IPA for sudo data Expected results: Sudo queries IPA for sudo data and acts accordingly Additional info: I have today spent a good 4 hours trying to get this to work just to find out why it didn't. Not funny!! I do not understand this process. Why are errata released without adjusting the documentation accordingly?
Re-assigning component to documentation. The second two problems need to be handled in the sudo package. I filed https://bugzilla.redhat.com/show_bug.cgi?id=860397 and cc'd you on it.
Mass closure.