Chapter 17. Authentication and Interoperability
SSSD fails to manage sudo rules from the IdM LDAP tree
The System Security Services Daemon (SSSD) currently uses the IdM LDAP tree by default. As a consequence, it is not possible to assign sudo rules to non-POSIX groups. To work around this problem, modify the /etc/sssd/sssd.conf file to set your domain to use the compat tree again:
[domain/EXAMPLE]
...
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
As a result, SSSD will load sudo rules from the compat tree and you will be able to assign rules to non-POSIX groups.
Note that Red Hat recommends configuring groups referenced in sudo rules as POSIX groups. (BZ#1336548)
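
A check for the workaround above, as an added example that is not part of the original release note: it parses SSSD configuration text and reports, for each [domain/...] section, whether ldap_sudo_search_base is set to an ou=sudoers base. The sample configuration, the OTHER domain, and the function name are constructed for illustration.

```python
import configparser

# Constructed sample: one domain with the workaround applied, one without.
SAMPLE_SSSD_CONF = """\
[sssd]
domains = EXAMPLE, OTHER
services = nss, pam, sudo

[domain/EXAMPLE]
id_provider = ipa
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com

[domain/OTHER]
id_provider = ipa
"""

OPTION = "ldap_sudo_search_base"
COMPAT_RDN = "ou=sudoers"  # first RDN of the search base shown in the release note


def audit_sudo_search_base(conf_text):
    """Return {domain: status} for every [domain/...] section.

    status is 'compat' when the option points at an ou=sudoers base,
    'other' when it is set to something else, and 'unset' when it is
    absent (SSSD then falls back to its default tree).
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    result = {}
    for section in parser.sections():
        if not section.lower().startswith("domain/"):
            continue
        name = section.split("/", 1)[1]
        value = parser.get(section, OPTION, fallback=None)
        if value is None or not value.strip():
            result[name] = "unset"
        else:
            # DN attribute names are case-insensitive; ignore spaces in the first RDN.
            first_rdn = value.split(",", 1)[0].replace(" ", "").lower()
            result[name] = "compat" if first_rdn == COMPAT_RDN else "other"
    return result


if __name__ == "__main__":
    # On a real client, pass the contents of /etc/sssd/sssd.conf instead of the sample.
    for domain, status in audit_sudo_search_base(SAMPLE_SSSD_CONF).items():
        print(f"{domain}: {OPTION} is {status}")
```
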
winbindd crashes when installing a new AD trust
When configuring a new Active Directory (AD) trust on a newly installed system, the ipa-adtrust-install utility might report that the winbindd service terminated unexpectedly. Otherwise, ipa-adtrust-install completes successfully.
If this problem occurs, restart the IdM services by using the ipactl restart command after running ipa-adtrust-install. This also restarts winbindd.
Note that the full extent of the functional impact of this problem is still unknown. Some trust functionality might not work until winbindd is restarted. (BZ#1399058)
nslcd fails to resolve user or group identities when it is started before the network connection is fully up
When nslcd, the local LDAP name service daemon, is started before the network connection is fully up, the daemon fails to connect to an LDAP server. As a consequence, resolving user or group identities does not work. To work around this problem, start nslcd after the network connection is up. (BZ#1401632)