On Mon, Sep 20, 2021 at 09:16:20AM -0000, iulian roman via FreeIPA-users wrote:
> Does anybody know if it is possible to have sudo rules in
> FreeIPA for local accounts (accounts which are in /etc/passwd) ?
If you want to have local sudo rules, just define them normally.
If you want to have sudo rules managed by the ipa server:
1. Install the package sssd-ldap. (Assuming RHEL)
2. Add this section to sssd.conf:
--
[domain/files]
id_provider = files
sudo_provider = ldap
ldap_uri = ldaps://my-ipaserver.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
--
3. Clean the cache and restart sssd:
$ service sssd stop ; rm -rf /var/lib/sss/db/* ; service sssd start
With this bit of configuration, sudo will pick up rules from the
ldap server too.
Ciao
Dominik ^_^ ^_^
--
Dominik Vogt
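
Added example, not part of the message above and not FreeIPA or SSSD code: a Python check that the [domain/files] section from step 2 has the posted settings, including the case where the ldap_uri value ends up wrapped onto its own line and is read as empty. The function name check_files_domain and both sample strings are constructed for illustration.

```python
import configparser

# Constructed sample: the section from step 2 with ldap_uri on a single line.
GOOD = """\
[domain/files]
id_provider = files
sudo_provider = ldap
ldap_uri = ldaps://my-ipaserver.example.com
ldap_tls_cacert = /etc/ipa/ca.crt
"""
# Constructed sample: same section, but the URI wrapped onto its own line.
WRAPPED = GOOD.replace("ldap_uri = ", "ldap_uri =\n")

REQUIRED = {"id_provider": "files", "sudo_provider": "ldap"}


def check_files_domain(conf_text, section="domain/files"):
    """Return a list of problems in the section; an empty list means OK."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   allow_no_value=True)
    cp.read_string(conf_text)
    if not cp.has_section(section):
        return [f"[{section}] section is missing"]
    opts = cp[section]
    problems = []
    for key, want in REQUIRED.items():
        got = (opts.get(key) or "").strip()
        if got != want:
            problems.append(f"{key} is {got!r}, expected {want!r}")
    # ldap_uri may hold a comma-separated list of servers.
    uris = [u.strip() for u in (opts.get("ldap_uri") or "").split(",") if u.strip()]
    if not uris:
        problems.append("ldap_uri is empty (value wrapped onto the next line?)")
    for uri in uris:
        if not uri.lower().startswith("ldaps://"):
            problems.append(f"ldap_uri entry {uri!r} is not ldaps://")
    if not (opts.get("ldap_tls_cacert") or "").strip():
        problems.append("ldap_tls_cacert is not set")
    return problems


if __name__ == "__main__":
    for name, text in (("good", GOOD), ("wrapped", WRAPPED)):
        print(name, check_files_domain(text) or "OK")
```

On a host, pass the function the text of /etc/sssd/sssd.conf before restarting sssd in step 3.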