SSSD and sudo: mismatch between sudoHost and server hostname

I’m running SSSD/LDAP on CentOS6 to authenticate users and I’ve configured it also to get SUDO information from the LDAP server.

If I run hostname on my server I get:

[root@myserver ~]# hostname
myserver

I configured sssd.conf with a search base, for example:

ldap_sudo_search_base = OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com

Users who have SUDO rights on this machine have this kind of entry:

# SP_xxxx_me, Staff, SUDOers, company, my.com
dn: CN=SP_xxxx_me,OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com
sudoHost: sometext-myserver

Now, as you see, there is a mismatch between sudoHost and hostname. Is there a way to match the two in sssd.conf without having to change the server hostname or the entry in LDAP? I would like to define that all people who have SUDO rights on “sometext-myserver” also have sudo access on “myserver”.

This is the error I get with the current configuration:

[me@myserver ~]$ sudo su
me is not allowed to run sudo on myserver.  This incident will be reported.

Answer

I tried to use the following but it didn’t work: ldap_sudo_hostnames = sometext-myserver

This is what made it work: ipa_hostname=sometext-myserver

So I think this is a bug; I filed it with Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1188338

User contributions licensed under: CC BY-SA
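
The mismatch from the question, reproduced as an added example (not code from the post or from SSSD): it reads sudoHost values from LDIF and checks them against the names a client identifies itself with, using a simplified model of sudoHost matching (ALL, exact name, shell-style wildcard). The two extra LDIF entries and all function names are constructed for illustration.

```python
import fnmatch

# Constructed sample: the first entry mirrors the question, the other two
# are invented to show the ALL and wildcard cases. Not real directory data.
SAMPLE_LDIF = """\
dn: CN=SP_xxxx_me,OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com
sudoHost: sometext-myserver

dn: CN=SP_example_all,OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com
sudoHost: ALL

dn: CN=SP_example_glob,OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com
sudoHost: *-myserver
"""

def parse_sudo_hosts(ldif):
    """Return {dn: [sudoHost values]} from simple, unfolded LDIF text."""
    rules, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("#") or ":" not in line:
            continue  # skip comments and blank separator lines
        attr, value = (part.strip() for part in line.split(":", 1))
        if attr.lower() == "dn":
            dn = value
            rules[dn] = []
        elif attr.lower() == "sudohost" and dn is not None:
            rules[dn].append(value)
    return rules

def host_matches(sudo_host, names):
    """Simplified model: ALL, exact name or wildcard. Netgroups and IPs are not handled."""
    if sudo_host == "ALL":
        return True
    wanted = sudo_host.lower()
    return any(fnmatch.fnmatchcase(name.lower(), wanted) for name in names)

def applicable_rules(ldif, names):
    """DNs of the rules whose sudoHost matches one of the client's names."""
    return [dn for dn, hosts in parse_sudo_hosts(ldif).items()
            if any(host_matches(h, names) for h in hosts)]

if __name__ == "__main__":
    # First run uses the name from `hostname`, second the name stored in LDAP.
    for names in (["myserver"], ["sometext-myserver"]):
        print(names, "->", applicable_rules(SAMPLE_LDIF, names))
```

With the name reported by `hostname`, only the constructed ALL rule applies; the rule from the question applies only when the client presents itself as sometext-myserver.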