[Freeipa-users] Sudo Commands and groups confusion

James Hogarth james.hogarth at gmail.com
Fri Jun 14 11:12:14 UTC 2013


> Also if you're using service DNS records, you can either leave the URIs
> blank and default to service resolution or explicitly use service
> resolution along with a hardcoded name:
>
> ldap_uri = _srv_, ldap://ldap.example.com
>
>
>
Hi Jakub,

Thanks for this. I've been doing the ldap backed sudo for a while for my
systems and missed that sssd backed sudo arrived in EL6.4...

A quick bit of testing looks like the bare minimum that needs to be added
to sssd.conf is to the main section under [domain]:

sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI


with a [sudo] section and sudo added to the provided services, of course...

This really cleans up something that was quite messy before and simplifies
a lot - thanks!

Time to go and convert all my systems over I think...

James
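
Added example, not part of the original message: a small Python check that an sssd.conf contains the pieces the message lists (sudo in the services list, a [sudo] section, and the three domain keys). The sample configs, the domain name and the function name check_sssd_sudo are constructed for illustration.

```python
import configparser

# Keys the message lists as the minimum additions to the [domain/...] section.
DOMAIN_KEYS = ("sudo_provider", "ldap_sudo_search_base", "ldap_sasl_mech")

# Constructed sample input; the domain name and search base are placeholders.
SAMPLE_OK = """\
[sssd]
services = nss, pam, sudo
domains = example.com

[sudo]

[domain/example.com]
id_provider = ldap
ldap_uri = _srv_, ldap://ldap.example.com
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI
"""

# Constructed sample of a config that has not been converted to sssd-backed sudo.
SAMPLE_OLD = """\
[sssd]
services = nss, pam
domains = example.com

[domain/example.com]
id_provider = ldap
"""

def _csv(value):
    """Split a comma-separated sssd.conf value into trimmed items."""
    return [v.strip() for v in value.split(",") if v.strip()]

def check_sssd_sudo(text):
    """Return a list of missing pieces; an empty list means all are present."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    problems = []
    if "sudo" not in _csv(cp.get("sssd", "services", fallback="")):
        problems.append("[sssd] services does not include sudo")
    if not cp.has_section("sudo"):
        problems.append("no [sudo] section")
    for dom in _csv(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + dom
        for key in DOMAIN_KEYS:
            if not cp.has_option(section, key):
                problems.append("[%s] is missing %s" % (section, key))
    return problems
```
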