I’m running SSSD/LDAP on CentOS 6 to authenticate users and I’ve also configured it to get SUDO information from the LDAP server.
If I run hostname on my server I get:

    [root@myserver ~]# hostname
    myserver

I configured sssd.conf with a search base, for example:

    ldap_sudo_search_base = OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com

Users who have SUDO rights on this machine have this kind of entry:

    # SP_xxxx_me, Staff, SUDOers, company, my.com
    dn: CN=SP_xxxx_me,OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com
    sudoHost: sometext-myserver

Now, as you can see, there is a mismatch between sudoHost and the hostname. Is there a way to match the two in sssd.conf without having to change the server hostname or the entry in LDAP? I would like to define that all people who have SUDO rights on “sometext-myserver” also have sudo access on “myserver”.
This is the error I get with the current configuration:

    [me@myserver ~]$ sudo su
    me is not allowed to run sudo on myserver.  This incident will be reported.

Answer
I tried to use the following, but it didn’t work:

    ldap_sudo_hostnames = sometext-myserver

This is what made it work:

    ipa_hostname=sometext-myserver

So I think this is a bug; I filed it with Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1188338
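An added illustration of why the rule above never matches and what overriding the host name changes. This is not from the question or answer and not SSSD's own code: a simplified Python model of sudoHost matching that handles only "ALL" and shell-style wildcards (netgroups and IP/network forms are left out), run against constructed entries shaped like the one in the question.

```python
import fnmatch


def sudo_host_matches(sudo_host, names):
    """Return True if a single sudoHost value applies to a host known
    by any of the given names (short hostname, FQDN, or an override).

    Simplified sudoers-LDAP semantics (assumption): 'ALL' matches every
    host and other values are shell-style patterns compared
    case-sensitively. Netgroups (+name) and IP/CIDR values are omitted.
    """
    if sudo_host == "ALL":
        return True
    return any(fnmatch.fnmatchcase(name, sudo_host) for name in names)


def rules_for_host(entries, names):
    """Return the DNs of all sudo rule entries that apply to this host."""
    return [
        entry["dn"]
        for entry in entries
        if any(sudo_host_matches(h, names) for h in entry["sudoHost"])
    ]


# Constructed sample entries; the first mirrors the question's LDAP object.
SAMPLE_ENTRIES = [
    {
        "dn": "CN=SP_xxxx_me,OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com",
        "sudoHost": ["sometext-myserver"],
    },
    {
        "dn": "CN=admins_everywhere,OU=Staff,OU=SUDOers,ou=company,dc=my,dc=com",
        "sudoHost": ["ALL"],
    },
]

# Names the host presents by default (hostname + FQDN) versus with an
# override such as the one the answer configured. Both are assumptions.
DEFAULT_NAMES = ["myserver", "myserver.my.com"]
OVERRIDE_NAMES = ["sometext-myserver", "myserver.my.com"]

if __name__ == "__main__":
    print("default: ", rules_for_host(SAMPLE_ENTRIES, DEFAULT_NAMES))
    print("override:", rules_for_host(SAMPLE_ENTRIES, OVERRIDE_NAMES))
```

With the default names only the "ALL" rule applies, which is exactly the "not allowed to run sudo on myserver" outcome from the question; with the overridden name the SP_xxxx_me rule applies as well.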