On 05/29/2012 09:55 AM, Stephen Gallagher wrote:
> On Tue, 2012-05-29 at 09:00 -0800, Erinn Looney-Triggs wrote:
>> I have been working on configuring SSSD to handle sudo natively in
>> Fedora 17.
>> Here are the versions of things:
>> This is running against a RHEL 6.2 IPA server:
>> I have been using these two sources of information:
(Thanks for the write up)
>> The bit that seems to hang for me is when it comes to the
>> ldap_sudo_search_base, the blog doesn't state explicitly that it should
>> go in the domain section of sssd.conf, but the feature page does, so I
>> drop it in there, after a restart even simple lookups via getent passwd
>> won't work any more, remove it, restart sssd, things work fine. I
>> suppose I should mention that my test system has been working fine as an
>> IPA client up until I start messing with the sudo bit.
>> The line I am trying to put into the domains section is the following:
>> ldap_sudo_search_base = "ou=SUDOers,dc=foo,dc=com"
> Remove the quotes. That's probably breaking the parser, which in turn
> causes SSSD to fail to start properly.
Thanks, that did the trick. I will have to let Jakub know to remove the
quotes in the blog post.