  • 1.  Sudo on LDAP for AIX

    Posted Thu March 02, 2017 08:02 AM

    Originally posted by: Abderahim


    Hello IBMers,

     

    I would like to test and validate synchronizing sudoers in a large, distributed AIX environment connected with OpenLDAP.

    The rpm package is available on our yum repository. Can you help me to configure it, please? Is there a requisite on the LDAP site?

    If I should recreate this rpm, is there a document on how to rebuild RPMs?

    root@inf000ora0002:/root# yum info sudo-1.8.15-2
    Available Packages
    Name        : sudo
    Arch        : ppc
    Version     : 1.8.15
    Release     : 2
    Size        : 550 k
    Repo        : AIX_Toolbox_71
    Summary     : Allows restricted root access for specified users.
    URL         : http://www.sudo.ws
    License     : IBM_ILA
    Description : Sudo (superuser do) allows a system administrator to give certain users (or
                : groups of users) the ability to run some (or all) commands as root while
                : logging all commands and arguments. Sudo operates on a per-command basis.  It
                : is not a replacement for the shell.  Features include: the ability to restrict
                : what commands a user may run on a per-host basis, copious logging of each
                : command (providing a clear audit trail of who did what), a configurable timeout
                : of the sudo command, and the ability to use the same configuration file
                : (sudoers) on many different machines.

    Errors :

    root@ud000ovd0300:/etc/security/ldap# sudo -V
    Sudo version 1.8.15
    Configure options: --prefix=/opt/freeware --sbindir=/opt/freeware/sbin --mandir=/opt/freeware/man --with-logging=syslog --with-logfac=auth --without-pam --with-env-editor --with-ignore-dot --with-authenticate --with-tty-tickets --with-ldap=/opt/freeware --with-ldap-conf-file=/opt/freeware/etc/openldap/ldap.conf --with-ldap-secret-file=/opt/freeware/etc/openldap/slapd.conf
    sudo: error in /etc/sudo.conf, line 0 while loading plugin `sudoers_policy'
    sudo: unable to load /opt/freeware/libexec/sudo/sudoers.so: Could not load module /opt/freeware/lib/libldap.a(libldap-2.4.so.2).
            Dependent module /opt/freeware/lib/libssl.a(libssl.so) could not be loaded.
            Member libssl.so is not found in archive
    Could not load module /opt/freeware/libexec/sudo/sudoers.so.
            Dependent module /opt/freeware/lib/libldap.a(libldap-2.4.so.2) could not be loaded.
    sudo: fatal error, unable to load plugins

    root@ud000ovd0300:/etc/security/ldap#

    Thank you so much,

     

    Best regards,

    Abderahim




  • 2.  Re: Sudo on LDAP for AIX

    Posted Fri March 03, 2017 12:22 PM

    Originally posted by: sangameshm


    Hi Abderahim,

     

    Looks like you have an openssl rpm package installed in your system which we don't provide in our AIX toolbox.

    AIX provides an openssl library in /usr/lib/libssl.a & we build all of our packages with /usr/lib/libssl.a.

    The sudo library depends on ldap, whose search path looks for libraries in the /opt/freeware/lib path first; it sees that libssl.a is present, but that archive doesn't seem to have the required member (i.e. libssl.so).

    Could you run these two commands and see the output?

    ar -tv /usr/lib/libssl.a
    ar -tv /opt/freeware/lib/libssl.a

     

    Thanks,

    Sangamesh

     

     




  • 3.  Re: Sudo on LDAP for AIX

    Posted Fri March 03, 2017 01:14 PM

    Originally posted by: sangameshm


    As a workaround you could also try setting LIBPATH=/usr/lib:/opt/freeware/lib:lib

     

    Thanks,

    Sangamesh
     


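The diagnosis in the two replies above, as an added example (not code from the thread or from the AIX Toolbox): `missing_members` pulls the archive and member out of the loader error, `first_in_path` shows which copy of an archive a given search order reaches first, and `has_member` wraps the `ar -t` check. The function names and the `ROOT` argument are assumptions of this example; the sample text is copied from the error in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_ERR is copied from the loader
# error quoted in the first post; function names are this example's own.
SAMPLE_ERR='sudo: unable to load /opt/freeware/libexec/sudo/sudoers.so: Could not load module /opt/freeware/lib/libldap.a(libldap-2.4.so.2).
        Dependent module /opt/freeware/lib/libssl.a(libssl.so) could not be loaded.
        Member libssl.so is not found in archive
Could not load module /opt/freeware/libexec/sudo/sudoers.so.
        Dependent module /opt/freeware/lib/libldap.a(libldap-2.4.so.2) could not be loaded.'

# missing_members: read loader error text on stdin; for each "Member ... is
# not found in archive" line print "ARCHIVE MEMBER" taken from the
# "Dependent module ARCHIVE(MEMBER)" line just before it.
missing_members() {
    awk '
        /Dependent module .*\(.*\) could not be loaded/ {
            s = $0
            sub(/^.*Dependent module /, "", s)
            sub(/\) could not be loaded.*$/, "", s)
            i = index(s, "(")
            archive = substr(s, 1, i - 1); member = substr(s, i + 1)
        }
        /Member .* is not found in archive/ && archive != "" {
            print archive, member
        }'
}

# first_in_path SEARCHPATH FILE [ROOT]: print the first directory of a
# colon-separated search path that holds FILE. ROOT (hypothetical helper
# argument) is prefixed to each directory so a scratch tree can be tested.
first_in_path() {
    fip_root=${3:-}
    fip_ifs=$IFS; IFS=:
    for fip_dir in $1; do
        if [ -f "$fip_root$fip_dir/$2" ]; then
            IFS=$fip_ifs; echo "$fip_dir"; return 0
        fi
    done
    IFS=$fip_ifs
    return 1
}

# has_member ARCHIVE MEMBER: the ar check from the reply, as a yes/no test.
has_member() { ar -t "$1" 2>/dev/null | grep -F -x "$2" >/dev/null; }

# Prints the archive that was found but lacks the member the loader wanted.
printf '%s\n' "$SAMPLE_ERR" | missing_members
```

On the affected host, `has_member /usr/lib/libssl.a libssl.so` and the same call on `/opt/freeware/lib/libssl.a` give the comparison the reply asks for, and `first_in_path "$LIBPATH" libssl.a` shows which copy the current search order reaches first.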


  • 4.  Re: Sudo on LDAP for AIX

    Posted Thu March 16, 2017 12:44 PM

    Originally posted by: Abderahim


    Hi sanga,

    I compile with idsldap libraries. That's our config.

    The errors are different! The error log file is attached. Thank you for your help.

     

    root@inf000ora0002:/opt/freeware/src/packages/SPECS# export CC=cc
    root@inf000ora0002:/opt/freeware/src/packages/SPECS# rpmbuild -ba sudo-1.8.15-2.spec > /tmp/rpmbuild.lst
    + umask 022
    + cd /opt/freeware/src/packages/BUILD
    + cd /opt/freeware/src/packages/BUILD
    + rm -rf sudo-1.8.15
    + /opt/freeware/bin/gzip -dc /opt/freeware/src/packages/SOURCES/sudo-1.8.15.tar.gz
    + /usr/bin/tar -xf -
    + STATUS=0
    + [ 0 -ne 0 ]
    + cd sudo-1.8.15
    + cat /opt/freeware/src/packages/SOURCES/IBM_ILA
    + 1> doc/LICENSE.new
    + cat doc/LICENSE
    + 1>> doc/LICENSE.new
    + mv doc/LICENSE.new doc/LICENSE
    + exit 0
    + umask 022
    + cd /opt/freeware/src/packages/BUILD
    + cd sudo-1.8.15
    + [[ -z cc ]]
    + [[ cc != gcc ]]
    + echo -O2 -g -fsigned-char
    + sed s:-fsigned-char::
    + export RPM_OPT_FLAGS=-O2 -g
    + ./configure --prefix=/opt/freeware --with-ldap=/opt/IBM/ldap/V6.4 --with-aixauth --with-ldap-conf-file=/etc/security/ldap/ldap.cfg --with-logging=syslog --with-env-editor --disable-path-info
    + CFLAGS=-O2 -g
    + make
        1500-030: (I) INFORMATION: sudoers_policy_deserialize_info: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
        1500-030: (I) INFORMATION: sudoers_policy_main: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
    "./timestamp.c", line 357.20: 1506-1332 (W) A function with return type "void" may not return a value of type "void".
    "./timestamp.c", line 363.20: 1506-1332 (W) A function with return type "void" may not return a value of type "void".
        1500-030: (I) INFORMATION: sudo_ldap_read_config: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
        1500-030: (I) INFORMATION: set_default: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
        1500-030: (I) INFORMATION: sudoerslex: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
        1500-030: (I) INFORMATION: parse_logfile: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
        1500-030: (I) INFORMATION: main: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
        1500-030: (I) INFORMATION: exec_monitor: Additional optimization may be attained by recompiling and specifying MAXMEM option with a value greater than 8192.
    + exit 0
    + umask 022
    + cd /opt/freeware/src/packages/BUILD
    + cd sudo-1.8.15
    + rm -rf /var/tmp/sudo-1.8.15-2.ppc
    + mkdir /var/tmp/sudo-1.8.15-2.ppc
    + sed -e s/-o $(sudoers_uid) -g $(sudoers_gid) / /g -e s/-o $(install_uid) -g $(install_gid) / /g -e s/-m 4111// -e s/-m 0111// Makefile
    + 1> Makefile.19464342
    + mv Makefile.19464342 Makefile
    + make
    + make check
    make: The error code from the last command is 1.
    Stop.
    make: The error code from the last command is 2.
    Stop.
    error: Bad exit status from /var/tmp/rpm-tmp.Nbuaac (%install)
        Bad exit status from /var/tmp/rpm-tmp.Nbuaac (%install)
    root@inf000ora0002:/opt/freeware/src/packages/SPECS#



    Attachment(s): rpmbuild.lst (125 KB)


  • 5.  Re: Sudo on LDAP for AIX

    Posted Fri March 17, 2017 01:24 PM

    Originally posted by: Abderahim


     

     

    Hi IBMers,

     

    Here is the solution that is used to rebuild this RPM (take care with your idsldap directory and ldap.conf file):

    1. First action: correct file permissions after launching the rpmbuild -ba sudo-1.8.15-2.spec command:

     

    root@inf000ora0002:/root# chown root:system /opt/freeware/src/packages/BUILD/sudo-1.8.15/plugins/sudoers/regress/testsudoers/test3.d/root

     

    2. Second action: there is a mistaken command that I have commented out

     

    + install -d -m 700 /var/tmp/sudo-1.8.15-2.ppc/var/run/sudo
    /usr/bin/getopt: illegal option -- d
    Usage: install [-c dira] [-f dirb] [-i] [-m] [-M mode] [-O owner]
                   [-G group] [-S] [-n dirc] [-o] [-s] file [dirx ...]
    error: Bad exit status from /var/tmp/rpm-tmp.kvr7ac (%install)

     

    3. Third action: comment out %doc in the SPEC file because I have this error

     

    + DOCDIR=/var/tmp/sudo-1.8.15-2.ppc/opt/freeware/share/doc/sudo-1.8.15
    + export DOCDIR
    + /opt/freeware/bin/mkdir -p /var/tmp/sudo-1.8.15-2.ppc/opt/freeware/share/doc/sudo-1.8.15
    /var/tmp/rpm-tmp.afmMad[28]: /opt/freeware/bin/mkdir:  not found
    error: Bad exit status from /var/tmp/rpm-tmp.afmMad (%doc)
    error: File not found: /var/tmp/sudo-1.8.15-2.ppc/opt/freeware/share/doc/sudo-1.8.15
        Bad exit status from /var/tmp/rpm-tmp.afmMad (%doc)
        File not found: /var/tmp/sudo-1.8.15-2.ppc/opt/freeware/share/doc/sudo-1.8.15




  • 6.  Re: Sudo on LDAP for AIX

    Posted Mon March 20, 2017 05:48 AM

    Originally posted by: Abderahim


    Useful note from Sanga: once coreutils is installed, actions 2 and 3 (comments) are not necessary. Thanks to Sanga.

     

    Best regards,

    Abderahim 


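A pre-build probe for the two failures in the last two posts (`install -d` rejected in %install, `/opt/freeware/bin/mkdir` missing in %doc), as an added example that is not part of the thread or the spec file. The function names are assumptions of this example; the command and path come from the quoted log.

```shell
#!/bin/sh
# Added example, not from the thread: probe the two tools whose absence
# broke %install and %doc above, before starting rpmbuild.

# supports_install_d CMD: true when "CMD -d -m 700 DIR" creates DIR with
# mode 700, which is what the spec's %install step relies on.
supports_install_d() {
    sid_tmp=${TMPDIR:-/tmp}/install-probe.$$
    mkdir "$sid_tmp" || return 2      # no -p: fails if the name already exists
    sid_rc=1
    if "$1" -d -m 700 "$sid_tmp/probe" >/dev/null 2>&1 &&
       [ -d "$sid_tmp/probe" ]; then
        case $(ls -ld "$sid_tmp/probe") in
            drwx------*) sid_rc=0 ;;
        esac
    fi
    rm -rf "$sid_tmp"
    return "$sid_rc"
}

# preflight INSTALL_CMD MKDIR_PATH: print one line per problem found and
# return the number of problems (0 = ready to build).
preflight() {
    pf_bad=0
    if ! supports_install_d "$1"; then
        echo "install: '$1' does not handle -d -m 700 as the spec expects"
        pf_bad=$((pf_bad + 1))
    fi
    if [ ! -x "$2" ]; then
        echo "mkdir: $2 not found or not executable"
        pf_bad=$((pf_bad + 1))
    fi
    return "$pf_bad"
}

# Command and path as they appear in the quoted build log.
preflight install /opt/freeware/bin/mkdir ||
    echo "resolve the items above (the thread's fix: install coreutils)"
```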