Red Hat Bugzilla – Bug 860386
new /etc/sudo-ldap.conf configuration file problems
Last modified: 2013-02-28 19:33:55 EST
Description of problem:
Bug 760843 (https://bugzilla.redhat.com/show_bug.cgi?id=760843) is CLOSED ERRATA. It is released in ERRATA http://rhn.redhat.com/errata/RHBA-2012-0905.html. However, the changes have multiple problems:
1. The most severe is that the Identity Management Guide is not updated to this new situation. Especially the instructions to configure IPA clients for sudo through LDAP (https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules).
2. The newly installed /etc/sudo-ldap.conf has some of the entries from the old /etc/nslcd.conf, but not all. However, all the entries from the documentation are needed. It would be nice if that is reflected in the file as commented-out entries.
3. The permissions of /etc/sudo-ldap do not seem to be correct. It is 440. Shouldn't it be 640?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Read par 13.4.2 of Identity Management Guide for RHEL6.3
2. Configure system accordingly
3. See if it works (it doesn't)
Actual results:
Sudo does not query IPA for sudo data
Expected results:
Sudo queries IPA for sudo data and acts accordingly
I have today spent a good 4 hours trying to get this to work just to find out why it didn't. Not funny!! I do not understand this process. Why are errata released without adjusting the documentation accordingly?
Re-assigning component to documentation.
The second two problems need to be handled in the sudo package. I filed https://bugzilla.redhat.com/show_bug.cgi?id=860397 and cc'd you on it.