Re: Fresh instalation problem

[Alan Orlič Belšak <alan.orlic@xxxxxxxx>]

Found the problem, 389-console on Windows computer. Reinstalled it, cleared all .jar files and now it's working correctly.

Bye, Alan

On 23.5.2013 8:08, Alan Orlič Belšak wrote:

Just tried to make fresh install, but when I try to manage it with 389 Console (Configuration), I got the following error:
The user uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot does not have permission to perform this operation.

OS is Centos 6.4, 389 are the following versions:
389-admin-console-1.1.8-1.el6.noarch
389-adminutil-1.1.15-1.el6.i686
389-ds-base-1.2.11.15-11.el6.i686
389-admin-1.1.29-1.el6.i686
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.10-1.el6.i686
389-admin-console-doc-1.1.8-1.el6.noarch
389-console-1.1.7-1.el6.noarch
389-ds-base-libs-1.2.11.15-11.el6.i686
389-ds-1.2.2-1.el6.noarch
389-ds-console-1.2.6-1.el6.noarch

I found this:
http://lists.fedoraproject.org/pipermail/389-users/2011-January/012718.html

But this is old error. The interesting thing is that the upgrades are working ok.

Alan

On 23.5.2013 4:15, Dan Lavu wrote:

John,

Thanks for all the info. I'm running a very similar setup but I'm still using the legacy sudo-ldap.conf for my sudo info, I'll install sudo-sss and give that a whirl. 

Dan

On May 22, 2013, at 8:09 PM, Jonathan Vaughn <jonathan@xxxxxxxxxxxxx> wrote:

we're using sssd for Kerberos logins with LDAP user account details, and it's caching sudo LDAP for us too. I'm not sure off hand if it'll work with nested groups if you use them - we haven't used nested groups on any of the groups we've used with sudo (due to other various programs failing to support either recursing through groups or using the memberof attribute on the user).

For that example I gave before, the other sudo values are:

sudocommand: ALL

sudohost: ALL

On other sudoroles we have specific commands and hosts too. We're not using any other sudo attributes on our sudoroles at the moment (we actually need to update the schema for the version of sudo we're running, since it expectes sudorunasuser and sudorunasgroup rather than sudorunas, for example).

On Wed, May 22, 2013 at 7:54 PM, Dan Lavu <dan@xxxxxxxx> wrote:

John,

Thats the last thing I wanted to hear. What attributes do you have, sudouser, sudooptions, sudorun? Also are you using sssd or pam ldap?

Dan

On May 22, 2013, at 7:52 PM, Jonathan Vaughn <jonathan@xxxxxxxxxxxxx> wrote:

Works for us fine without any fancy treatment:

sudouser: %Global System Administrators

using sudo 1.8.something on centos.

On Wed, May 22, 2013 at 7:36 PM, Dan Lavu <dan@xxxxxxxx> wrote:

Has anybody successfully created a sudoers group in 389 that contains a space? Whatever way I try to escape the space in my sudouser attribute it just doesn't like it. I'm able to escape the space in /etc/sudoers by using \ .

So..

sudouser: %domain\ admins
sudouser: %domain admins
sudouser: \%domain\ admins
sudouser: "%domain admins"
sudouser: '%domain admins'

have not worked, thanks in advance.

Dan
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users