Bug 860386 - new /etc/sudo-ldap.conf configuration file problems
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Identity_Management_Guide
x86_64 Linux
unspecified Severity medium
: rc
Assigned To: Deon Ballard
: Documentation
Reported: 2012-09-25 13:51 EDT by Fred van Zwieten
Modified: 2013-02-28 19:33 EST
Doc Type: Bug Fix
Last Closed: 2013-02-28 19:33:55 EST
Type: Bug
Description Fred van Zwieten 2012-09-25 13:51:12 EDT
Description of problem:
Bug 760843 (https://bugzilla.redhat.com/show_bug.cgi?id=760843) is CLOSED ERRATA. It is released in ERRATA http://rhn.redhat.com/errata/RHBA-2012-0905.html. However, the changes have multiple problems:

1. The most severe is that the Identity Management Guide is not updated to this new situation. Especially the instructions to configure ipa clients for sudo through ldap (https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules).

2. The newly installed /etc/sudo-ldap.conf has some of the entries from the old /etc/nslcd.conf, but not all. However, all the entries from the documentation are needed. It would be nice if that were reflected in the file as commented-out entries.

3. The permissions of /etc/sudo-ldap do not seem to be correct. It is 440. Shouldn't it be 640?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Read par 13.4.2 of Identity Management Guide for RHEL6.3
2. Configure system accordingly
3. See if it works (it doesn't)

Actual results:
Sudo does not query IPA for sudo data

Expected results:
Sudo queries IPA for sudo data and acts accordingly

Additional info:
I have today spent a good 4 hours trying to get this to work just to find out why it didn't. Not funny!! I do not understand this process. Why are errata released without adjusting the documentation accordingly?

Comment 2 Rob Crittenden 2012-09-25 14:12:29 EDT
Re-assigning component to documentation.

The second two problems need to be handled in the sudo package. I filed https://bugzilla.redhat.com/show_bug.cgi?id=860397 and cc'd you on it.

Comment 4 Deon Ballard 2013-02-28 19:33:55 EST
Mass closure.
