On Tue, 2012-05-29 at 09:00 -0800, Erinn Looney-Triggs wrote:
> I have been working on configuring SSSD to handle sudo natively in
> Fedora 17.
>
> Here are the versions of things:
> sssd-1.8.3-11.fc17.x86_64
> sudo-1.8.3p1-7.fc17.x86_64
>
> This is running against a RHEL 6.2 IPA server:
> ipa-server-2.1.3-9.el6.x86_64
>
> I have been using these two sources of information:
>
> https://fedoraproject.org/wiki/Features/SSSDSudoIntegration
>
> http://jhrozek.livejournal.com/2065.html (Thanks for the write up)
>
> The bit that seems to hang for me is when it comes to the
> ldap_sudo_search_base. The blog doesn't state explicitly that it should
> go in the domain section of sssd.conf, but the feature page does, so I
> drop it in there. After a restart, even simple lookups via getent passwd
> won't work any more; remove it, restart sssd, and things work fine. I
> suppose I should mention that my test system has been working fine as an
> IPA client up until I start messing with the sudo bit.
>
> The line I am trying to put into the domains section is the following:
> ldap_sudo_search_base = "ou=SUDOers,dc=foo,dc=com"

Remove the quotes. That's probably breaking the parser, which in turn
causes SSSD to fail to start properly.

Thanks, that did the trick. I will have to let Jakub know to remove the
quotes in the blog post.
-Erinn
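
A pre-restart check for the problem resolved in this thread, as an added example that is not part of the original messages or of SSSD itself: it flags sssd.conf values wrapped in quotes and produces the text with those quotes removed. The sample configuration is constructed; its domain name and every line other than `ldap_sudo_search_base` are assumptions, as are the function names.

```python
import configparser
import re

# Constructed sample modelled on the thread; the domain name and the
# lines other than ldap_sudo_search_base are assumptions.
SAMPLE_SSSD_CONF = """\
[sssd]
services = nss, pam, sudo
domains = foo.com

[domain/foo.com]
id_provider = ipa
# quoted value, as in the original post
ldap_sudo_search_base = "ou=SUDOers,dc=foo,dc=com"
"""

def _is_quoted(value):
    v = value.strip()
    return len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'"

def find_quoted_values(conf_text):
    """Return (section, option, value) for each value wrapped in quotes."""
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    parser.optionxform = str  # keep option names exactly as written
    parser.read_string(conf_text)
    return [(s, o, v) for s in parser.sections()
            for o, v in parser.items(s) if _is_quoted(v)]

# option = "value"  ->  captures the 'option = ' prefix and the bare value
_QUOTED_LINE = re.compile(r"""^(\s*[^#;\[\s][^=]*=\s*)(["'])(.*)\2\s*$""")

def strip_value_quotes(conf_text):
    """Return the text with surrounding quotes removed from quoted values."""
    out = []
    for line in conf_text.splitlines():
        m = _QUOTED_LINE.match(line)
        out.append(m.group(1) + m.group(3) if m else line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for section, option, value in find_quoted_values(SAMPLE_SSSD_CONF):
        print(f"[{section}] {option}: quoted value {value}")
    print(strip_value_quotes(SAMPLE_SSSD_CONF), end="")
```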