On (06/11/13 10:01), Michael wrote:
This started out as a request for help, but since I figured out the
issue I figure I will post the solution instead.
I have SSSD set up for authentication via LDAP on Ubuntu 12.04, and want to
use it for SUDO as well instead of sudo-ldap as this will allow caching
of sudo rules when not connected to ldap server.
I followed every guide, but nothing I did allowed sudo to even attempt
using sssd for sudo rules.
In the end, the issue is that sudo binary for 12.04 (sudo 1.8.3p2) does
NOT include sssd support. When I went to rebuild the DEB from Ubuntu
source DEB, I realized that 1.8.3 does not have SSSD support at all.
Using 1.8.8 binary from sudo.ws did not help either as while 1.8.8 does
support sssd, the Ubuntu DEB seems to be compiled without it (they
mirror Ubuntu's own flags)
So the solution ended up being to download sudo 1.8.8 source, and re-compile a
DEB with the following options (they use a handy "mkpkg" to generate packages):
For my own sanity I have added a release tag so that I know when my own
package is used (there is probably a better way, but this was fast)
- pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) +
+ pp_rpm_release="`expr \( $version : '.*p\([0-9][0-9]*\)' \| 0 \) +
Step 2: Install pre-requisites for building sudo.
I started with "apt-get build-dep sudo", and at the very least added
libselinux-dev. I am not sure of the exact pre-reqs, so you may need to read up
on sudo or keep trying to build until all pre-reqs are there.
Step 3: Build the actual DEB
I chose to build
./mkpkg --flavor=ldap --with-sssd --with-sssd-lib=/usr/lib/ARCH
/usr/lib/ARCH is path to lib directory containing your libsss_sudo.so -
in my case it is /usr/lib/x86_64-linux-gnu. There is probably a proper
multiarch way to do this, but every time I tried it failed and I did not
have time to research it.
If all your pre-reqs are in order, you will end up with a deb package.
You can then install it manually with dpkg -i or sign it and stick it
into your own apt repo.
Step 4: Runtime pre-reqs
When installing, I noticed that "libsss-sudo" was not installed, so I
needed to install it manually.
Step 5: After this, standard sssd-sudo instructions worked fine
Hope this helps the few people silly enough to try this,

Very nice HOWTO.
It can be useful for users who have ubuntu <= 13.10 (saucy) or
debian <= 7 (wheezy).
Newer versions of sudo >= 1.8.8 have sssd support in package "sudo", but
"sssd-ldap" does not have sssd support.
sudo >= 1.8.8 can be found on debian>=jessie or ubuntu>=trusty
I didn't try it, but an easier option can be to backport sudo 1.8.8-2.
I hope this helps someone.
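
A preflight check for the failure points described in this thread (sudo too old, sudo built without --with-sssd, libsss_sudo.so missing from the library directory), as an added example that is not part of the original posts. It assumes `sudo -V` run as root prints a `Configure options:` line and takes 1.8.8 as the threshold because that is the version the thread names; function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample `sudo -V` texts below are constructed, not captured.
MIN_VERSION=1.8.8   # version the thread reports as having SSSD support

# Extract e.g. "1.8.3p2" from the "Sudo version ..." line of `sudo -V`.
sudo_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([^ ]*\).*/\1/p' | head -n 1
}

# True if dotted version $1 (patch suffix such as "p2" ignored) is >= $2.
version_at_least() {
    awk -v a="${1%%p*}" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# True if the build was configured with --with-sssd.
sudo_built_with_sssd() {
    printf '%s\n' "$1" | grep '^Configure options:' |
        grep -Eq -- '(^| )--with-sssd( |=|$)'
}

# $1 = text of `sudo -V` (run as root), $2 = directory given to --with-sssd-lib.
# Prints one verdict; returns 0 only when every check passes.
sssd_sudo_preflight() {
    v=$(sudo_version "$1")
    if [ -z "$v" ]; then echo "unknown: no version line"; return 2; fi
    if ! version_at_least "$v" "$MIN_VERSION"; then echo "too-old: $v"; return 1; fi
    if ! sudo_built_with_sssd "$1"; then echo "no-sssd-flag: $v"; return 1; fi
    if [ ! -e "$2/libsss_sudo.so" ]; then echo "missing-lib: $2"; return 1; fi
    echo "ok: $v"
}

SAMPLE_OLD='Sudo version 1.8.3p2
Configure options: --prefix=/usr --with-ldap'
SAMPLE_NOSSS='Sudo version 1.8.8
Configure options: --prefix=/usr --with-ldap'
SAMPLE_OK='Sudo version 1.8.8
Configure options: --prefix=/usr --with-ldap --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu'

# On a real host (as root): sssd_sudo_preflight "$(sudo -V)" /usr/lib/x86_64-linux-gnu
sssd_sudo_preflight "$SAMPLE_OLD" /usr/lib/x86_64-linux-gnu || true
```

A `missing-lib` verdict corresponds to Step 4 above, where the libsss-sudo package had to be installed by hand.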