[Freeipa-users] Sudo Commands and groups confusion

Jakub Hrozek jhrozek at redhat.com
Fri Jun 14 11:24:30 UTC 2013


On Fri, Jun 14, 2013 at 12:12:14PM +0100, James Hogarth wrote:
> > Also if you're using service DNS records, you can either leave the URIs
> > blank and default to service resolution or explicitly use service
> > resolution along with a hardcoded name:
> >
> > ldap_uri = _srv_, ldap://ldap.example.com
> >
> >
> >
> Hi Jakub,
> 
> Thanks for this. I've been doing the ldap backed sudo for a while for my
> systems and missed that sssd backed sudo arrived in EL6.4...
> 
> A quick bit of testing looks like the bare minimum that needs to be added
> to sssd.conf is to the main section under [domain]:
> 
> sudo_provider = ldap
> ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
> ldap_sasl_mech = GSSAPI
> 
> 
> with an [sudo] section and sudo added to the provided services of course...
> 
> This really cleans up something that was quite messy before and simplifies
> a lot - thanks!
> 
> Time to go and convert all my systems over I think...
> 
> James

Hi James,

I believe that at one point we included a configuration very similar to
the snippet above in man sssd-sudo. It should be there in 6.4, not 100%
sure now.
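
Added example, not part of the original thread and not SSSD's own code: a small Python check that an sssd.conf carries the settings James lists above (sudo in the provided services, a [sudo] section, and the three options in the [domain/...] section). The function names, the id_provider line, the domain name and both sample configs are constructed for illustration.

```python
import configparser

# Options the thread gives as the minimum for the [domain/...] section.
REQUIRED = ("sudo_provider", "ldap_sudo_search_base", "ldap_sasl_mech")

# Constructed sample configs (id_provider and the domain name are assumptions).
GOOD = """\
[sssd]
services = nss, pam, sudo
domains = example.com
[domain/example.com]
id_provider = ldap
ldap_uri = _srv_, ldap://ldap.example.com
sudo_provider = ldap
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
ldap_sasl_mech = GSSAPI
[sudo]
"""
BAD = """\
[sssd]
services = nss, pam
domains = example.com
[domain/example.com]
id_provider = ldap
sudo_provider = ldap
"""

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_sssd_sudo(conf_text):
    """Return a list of problems; empty means the thread's minimum is present."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    problems = []
    if "sudo" not in _csv(cp.get("sssd", "services", fallback="")):
        problems.append("[sssd] services does not include sudo")
    if not cp.has_section("sudo"):
        problems.append("no [sudo] section")
    domains = _csv(cp.get("sssd", "domains", fallback=""))
    if not domains:
        problems.append("[sssd] domains is empty")
    for name in domains:
        section = "domain/" + name
        for key in REQUIRED:
            # A missing section and a missing option are reported the same way.
            if not cp.get(section, key, fallback="").strip():
                problems.append("[%s] lacks %s" % (section, key))
    return problems
```

To check a real host, pass the contents of its sssd.conf to `check_sssd_sudo()`; an empty list means every setting from the thread is present.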



