PDA

View Full Version : SLES12: using sudo-rules from LDAP



dpueltz
09-Nov-2014, 16:05
Hello,
new topic for me: sssd
With some reading in the man-Pages and on docs.fedoraproject.org (!) I've managed to use our LDAP-Infrastructure for user-Logins, as we did with nss_ldap and pam_ldap in the past.
But I can't manage to use the sudo-rules from LDAP. Each time when I call the sudo-command, it's complaining about a missing /usr/lib64/libsss_sudo.so.

Which RPM-Package contains this Lib?

regards, Detlef

malcolmlewis
09-Nov-2014, 19:01
On Sun 09 Nov 2014 03:14:01 PM CST, dpueltz wrote:


Hello,
new topic for me: sssd
With some reading in the man-Pages and on docs.fedoraproject.org (!)
I've managed to use our LDAP-Infrastructure for user-Logins, as we did
with nss_ldap and pam_ldap in the past.
But I can't manage to use the sudo-rules from LDAP. Each time when I
call the sudo-command, it's complaining about a missing
/usr/lib64/libsss_sudo.so.

Which RPM-Package contains this Lib?

regards, Detlef




Hi
It should be in the sssd package (well it was for SLES 11 SP3), but
looks like it's been missed in the SLES 12 rpm. Can you raise an SR and
post back the SR number and can follow up with my SUSE contacts.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

dpueltz
09-Nov-2014, 20:47
SR 10924006281

Thanks!
Here at home, with opensuse-13.1, it would be the package "libsss_sudo"

malcolmlewis
09-Nov-2014, 21:24
On Sun 09 Nov 2014 07:54:01 PM CST, dpueltz wrote:


SR 10924006281

Thanks!
Here at home, with opensuse-13.1, it would be the package
"libsss_sudo"



Hi
Yes, it has the shared library (so) and the header file.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

dpueltz
12-Feb-2015, 14:09
SR 10924006281: 3 months ago I opened this SR, nothing heard since then!

What can be so difficult to release a patch for package "sssd"? The sssd-package of SLES11-SP3 contains the missing lib (and works!)

BTW: Am I the only one who's missing this lib? Or ist anyone else using the "old fashioned" (but functional !!!) pam_ldap/nss_ldap ?

jmozdzen
12-Feb-2015, 14:24
Hi dpueltz,

SR 10924006281: 3 months ago I opened this SR, nothing heard since then!

What can be so difficult to release a patch for package "sssd"? The sssd-package of SLES11-SP3 contains the missing lib (and works!)

BTW: Am I the only one who's missing this lib? Or ist anyone else using the "old fashioned" (but functional !!!) pam_ldap/nss_ldap ?

you may want to take this to https://forums.suse.com/forumdisplay.php?55-Talk-to-a-SUSE-Technical-Services-Manager, which is the proper place for such comments.

BTW, from your list of two, I'm using option 3: Still working on SLES11SP3 ;)

Regards,
Jens

malcolmlewis
12-Feb-2015, 14:24
On Thu 12 Feb 2015 01:14:01 PM CST, dpueltz wrote:


SR 10924006281: 3 months ago I opened this SR, nothing heard since then!


What can be so difficult to release a patch for package "sssd"? The
sssd-package of SLES11-SP3 contains the missing lib (and works!)

BTW: Am I the only one who's missing this lib? Or ist anyone else using
the "old fashioned" (but functional !!!) pam_ldap/nss_ldap ?




Hi
I've pinged my SUSE Contacts to see what is happening.

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.36-38-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!

fpernet
23-Feb-2015, 15:37
Hi All,

Same problem for one of my customer. nss mappings including sudo in ldap is a very popular way to centralize informations. We really need a solution for this.
It is already hard enough to switch from openldap to sssd (especially to find correct documentation), we really don't need a missing library ...

Reminder:
SLES12 : version 1.11.5.1 without any libsss_sudo.so
SLES11 : version 1.9.5 complete
OpenSuse : version 1.12.2 complete
Seems to critical to upgrade the whole sssd stack on a production server ...

I can also open an SR but i am not sure it will speed up a solution. 3 months wihtout an explanation is not very serious and i start to have problem wht my Suse customers.

Cheers

jmozdzen
24-Feb-2015, 14:03
Hi fpernet,

> 3 months wihtout an explanation

I can't help with that, but from what I've heard there's no need to open a SR. OTOH, maybe you'd receive an explanation that way? ;)

Regards,
Jens

hangarbait
05-Jul-2015, 16:32
SR 10924006281: 3 months ago I opened this SR, nothing heard since then!

What can be so difficult to release a patch for package "sssd"? The sssd-package of SLES11-SP3 contains the missing lib (and works!)

BTW: Am I the only one who's missing this lib? Or ist anyone else using the "old fashioned" (but functional !!!) pam_ldap/nss_ldap ?

For what it is worth, it does look like SUSE has addressed this with SLES 12 :-) ..........

https://www.suse.com/support/update/announcement/2015/suse-ru-20150864-1.html


Cheers,

-- lorenso