I have been working on configuring SSSD to handle sudo natively in
Fedora 17.
Here are the versions of things:
sssd-1.8.3-11.fc17.x86_64
sudo-1.8.3p1-7.fc17.x86_64
This is running against a RHEL 6.2 IPA server:
ipa-server-2.1.3-9.el6.x86_64
I have been using these two sources of information:
https://fedoraproject.org/wiki/Features/SSSDSudoIntegration
http://jhrozek.livejournal.com/2065.html (Thanks for the write up)
The bit that seems to hang for me is when it comes to the
ldap_sudo_search_base, the blog doesn't state explicitly that it should
go in the domain section of sssd.conf, but the feature page does, so I
drop it in there, after a restart even simple lookups via getent passwd
won't work any more, remove it, restart sssd, things work fine. I
suppose I should mention that my test system has been working fine as an
IPA client up until I start messing with the sudo bit.
The line I am trying to put into the domains section is the following:
ldap_sudo_search_base = "ou=SUDOers,dc=foo,dc=com"
Any thoughts?
-Erinn