Uploaded image for project: 'MidPoint'
  1. MidPoint
  2. MID-7383

Unix Connector is not able to run SUDO commands



    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 4.3.1
    • None
    • Connectors, ConnId
    • None
    • Active subscription



      we're trying to administrate Red Hat Enterprise Linux 8.4 servers using the Unix Connector and we're experiencing the following issue.


      The configuration of the resource was implemented according to the samples available in midPoint repository: user (midpoint_users) with his password are configured, the option "Host user is root user?" is set to false and the sudo password is setted (obviously all the other attributes are correctly configured, too). 


      Using this configuration, the connection is successful but once I click into the "Account" tab, midPoint doesn't list accounts with the following fatal error:
      Couldn't list objectsErrorError communicating with the connector ConnectorInstanceIcfImpl(connector:00335ff5-fd22-46b5-8e09-ff3d21a39f49(ConnId org.connid.bundles.unix.UnixConnector v1.1-SNAPSHOT)): Operation timed out: org.identityconnectors.framework.common.exceptions.OperationTimeoutException(java.util.concurrent.TimeoutException)->java.util.concurrent.TimeoutException(null).


      Logging into the target server and reading the "secure" file (auth.log) I see the following behavior:

      • When midPoint tests connection toward the target server, in the log file results "Accepted password for midpoint_user from ipaddress port 1234 ssh2", "pam_unix(sshd:session): session opened for user midpoint_user by (uid=0)";
      • When midPoint tries to list objects in Account section, in the log file results "pam_unix(sudo:auth): conversation failed", "pam_unix(sudo:auth): auth could not identify password for [midpoint_user ]"

      It's like midPoint couldn't run SUDO command or something else.
      In fact, we have tried to set the option "Host user is root user?" to true (with the same user of the previously attempts) and midPoint can list accounts, but is not able to read permissions and especially it can't create users on target server.


      N.B.: the user that we are using for this resource configuration has already all the necessary permissions for read and create users; directly from the server terminal the midpoint_user is able to do SUDO, read accounts, permissions and create users.


      We have tried a lot of different configurations but nothing seems to work.




            mariannadebiasio Marianna De Biasio
            mariannadebiasio Marianna De Biasio
            0 Vote for this issue
            3 Start watching this issue