Found the problem, 389-console on Windows computer. Reinstalled it,
cleared all .jar files and now it's working correctly.
Bye, Alan
On 23.5.2013 8:08, Alan Orlič Belšak wrote:
Just tried to make fresh install, but when I try to manage it with
389
Console (Configuration), I got the following error:
The user
uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does
not have permission to perform this operation.
OS is Centos 6.4, 389 are the following versions:
389-admin-console-1.1.8-1.el6.noarch
389-adminutil-1.1.15-1.el6.i686
389-ds-base-1.2.11.15-11.el6.i686
389-admin-1.1.29-1.el6.i686
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.10-1.el6.i686
389-admin-console-doc-1.1.8-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-ds-base-libs-1.2.11.15-11.el6.i686
389-ds-1.2.2-1.el6.noarch
389-ds-console-1.2.6-1.el6.noarch
I found this:
http://lists.fedoraproject.org/pipermail/389-users/2011-January/012718.html
But this is old error. The interesting thing is that the upgrades are
working ok.
Alan
On 23.5.2013 4:15, Dan Lavu wrote:
> John,
>
> Thanks for all the info. I'm running a very similar setup but I'm
> still using the legacy sudo-ldap.conf for my sudo info, I'll install
> sudo-sss and give that a whirl.
>
> Dan
>
> On May 22, 2013, at 8:09 PM, Jonathan Vaughn <jonathan(a)creatuity.com
> <mailto:jonathan@creatuity.com>> wrote:
>
>> we're using sssd for Kerberos logins with LDAP user account details,
>> and it's caching sudo LDAP for us too. I'm not sure off hand if
>> it'll work with nested groups if you use them - we haven't used
>> nested groups on any of the groups we've used with sudo (due to
>> other various programs failing to support either recursing through
>> groups or using the memberof attribute on the user).
>>
>> For that example I gave before, the other sudo values are:
>> sudocommand: ALL
>> sudohost: ALL
>>
>> On other sudoroles we have specific commands and hosts too. We're
>> not using any other sudo attributes on our sudoroles at the moment
>> (we actually need to update the schema for the version of sudo we're
>> running, since it expectes sudorunasuser and sudorunasgroup rather
>> than sudorunas, for example).
>>
>> On Wed, May 22, 2013 at 7:54 PM, Dan Lavu <dan(a)lavu.net
>> <mailto:dan@lavu.net>> wrote:
>>
>> John,
>>
>> Thats the last thing I wanted to hear. What attributes do you
>> have, sudouser, sudooptions, sudorun? Also are you using sssd or
>> pam ldap?
>>
>> Dan
>>
>>
>> On May 22, 2013, at 7:52 PM, Jonathan Vaughn
>> <jonathan(a)creatuity.com <mailto:jonathan@creatuity.com>> wrote:
>>
>>> Works for us fine without any fancy treatment:
>>> sudouser: %Global System Administrators
>>>
>>> using sudo 1.8.something on centos.
>>>
>>> On Wed, May 22, 2013 at 7:36 PM, Dan Lavu <dan(a)lavu.net
>>> <mailto:dan@lavu.net>> wrote:
>>>
>>> Has anybody successfully created a sudoers group in 389
>>> that contains a space? Whatever way I try to escape the
>>> space in my sudouser attribute it just doesn't like it. I'm
>>> able to escape the space in /etc/sudoers by using \ .
>>>
>>> So..
>>>
>>> sudouser: %domain\ admins
>>> sudouser: %domain admins
>>> sudouser: \%domain\ admins
>>> sudouser: "%domain admins"
>>> sudouser: '%domain admins'
>>>
>>> have not worked, thanks in advance.
>>>
>>> Dan
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
>>> <mailto:389-users@lists.fedoraproject.org>
>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
>>> <mailto:users@lists.fedoraproject.org>
>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
>> <mailto:389-users@lists.fedoraproject.org>
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org <mailto:users@lists.fedoraproject.org>
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users