Show Table of Contents
Chapter 17. Authentication and Interoperability
SSSD fails to manage sudo rules from the IdM LDAP tree
The System Security Services Daemon (SSSD) currently uses the IdM LDAP tree by default. As a consequence, it is not possible to assign sudo rules to non-POSIX groups. To work around this problem, modify the
/etc/sssd/sssd.conf file to set your domain to use the compat tree again:
[domain/EXAMPLE] ... ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
As a result, SSSD will load sudo rules from the
compat tree and you will be able to assign rules to non-POSIX groups.
Note that Red Hat recommends to configure groups referenced in sudo rules as POSIX groups. (BZ#1336548)
winbindd crashes when installing a new AD trust
When configuring a new Active Directory (AD) trust on a newly installed system, the
ipa-adtrust-install utility might report that the winbindd service terminated unexpectedly. Otherwise, ipa-adtrust-install completes successfully.
If this problem occurs, restart the IdM services by using the
ipactl restart command after running ipa-adtrust-install. This also restarts winbindd.
Note that the full extent of the functional impact of this problem is still unknown. Some trust functionality might not work until
winbindd is restarted. (BZ#1399058)
nslcd fails to resolve user or group identities when it is started before the network connection is fully up
When
nslcd, the local LDAP name service daemon, is started before the network connection is fully up, the daemon fails to connect to an LDAP server. As a consequence, resolving user or group identities does not work. To work around this problem, start nslcd after the network connection is up. (BZ#1401632)
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.