Description of problem:

First two problems moved over from BZ https://bugzilla.redhat.com/show_bug.cgi?id=860386

1. The newly installed /etc/sudo-ldap.conf has some of the entries from the old /etc/nslcd.conf, but not all. However, all the entries from the documentation are needed. It would be nice if that is reflected in the file as commented-out entries.
2. The permissions of /etc/sudo-ldap do not seem to be correct. It is 440. Shouldn't it be 640?
3. There is no man page for sudo-ldap.conf
4. sudo-ldap.conf is not mentioned in the sudo man page.

Version-Release number of selected component (if applicable):
sudo-1.7.4p5-13.el6_3

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Hi,

(In reply to comment #0)
> Description of problem:
>
> First two problems moved over from BZ
> https://bugzilla.redhat.com/show_bug.cgi?id=860386
>
> 1. The newly installed /etc/sudo-ldap.conf has some of the entries from the
> old /etc/nslcd.conf, but not all. However, all the entries from the
> documentation are needed. It would be nice if that is reflected in the file
> as commented-out entries.

Could you please provide the list of additional entries that should be in the sudo-ldap.conf file? The configuration file now contains the most important ones and they are commented out.

> 3. There is no man page for sudo-ldap.conf
> 4. sudo-ldap.conf is not mentioned in the sudo man page.

It's referenced from the README.LDAP file which is part of the documentation that gets installed on the system.
Look here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#Setting_up_sudo_Rules-Client_Configuration_for_sudo_Rules
(In reply to comment #2)
> > 3. There is no man page for sudo-ldap.conf
> > 4. sudo-ldap.conf is not mentioned in the sudo man page.
>
> It's referenced from the README.LDAP file which is part of the documentation
> that gets installed on the system.

And also from man sudoers.ldap
Changes made:
1. corrected file permissions to 0640
2. added commented-out options to sudo-ldap.conf:

#binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
#bindpw secret
#ssl start_tls
#tls_cacertfile /path/to/CA.crt
#tls_checkpeer yes
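A small audit for the two points settled in this thread (0640 permissions on sudo-ldap.conf and a bind password that must never be world-readable), added here as an illustration; it is not part of the bug report or the sudo package. It assumes GNU coreutils (stat -c) and runs against constructed sample files, with the expected owner overridable because the samples are not root-owned.

```shell
#!/bin/sh
# Added example, not code from the bug report or the sudo package.
# Audits a sudo-ldap.conf-style file against what this thread settled on:
# mode 0640, root-owned, and an uncommented bindpw never world-readable.
# Assumes GNU coreutils (stat -c). Returns 0 on pass, 1 with findings.
audit_sudo_ldap_conf() {
    f="$1"
    want_owner="${2:-root}"          # override only when testing as non-root
    rc=0
    mode=$(stat -c '%a' "$f")        # e.g. 640, no leading zero
    owner=$(stat -c '%U' "$f")
    other=$((mode % 10))             # permission digit for "other"

    if [ "$mode" != "640" ]; then
        echo "$f: mode $mode, expected 0640"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "$f: owner $owner, expected $want_owner"; rc=1
    fi
    # '#bindpw secret' is inert; a live bindpw line is a credential and
    # must not sit in a file other users can read (other digit has bit 4).
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$f" && [ $((other & 4)) -ne 0 ]; then
        echo "$f: bindpw set and file is world-readable"; rc=1
    fi
    return $rc
}

# Constructed sample files (not real configs): one passing, one failing.
make_samples() {
    d=$(mktemp -d)
    printf 'uri ldap://ldap.example.com\n#bindpw secret\n' > "$d/good.conf"
    chmod 640 "$d/good.conf"
    printf 'uri ldap://ldap.example.com\nbindpw secret\n' > "$d/bad.conf"
    chmod 644 "$d/bad.conf"
    echo "$d"
}

dir=$(make_samples)
me=$(id -un)                         # samples are owned by us, not root
audit_sudo_ldap_conf "$dir/good.conf" "$me" && echo "good.conf: ok"
audit_sudo_ldap_conf "$dir/bad.conf" "$me" || echo "bad.conf: see findings above"
```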
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0363.html