On 07/25/2013 01:15 PM, Michael Ströder wrote:
Jakub
Hrozek wrote:
On Thu, Jul 25, 2013 at 03:22:20PM +0000,
Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:
Thanks very much. I'm not sure what
AFAIR is but I got this working in RHEL V6.3 by reenabling
sssd for authentication and then using /etc/sudo-ldap.conf for
the sudo component.
That's fine, using sssd for authentication and identity
information
while using sudo's built-in LDAP support is perfectly
supportable
configuration.
Hmm, direct sudo-ldap does no caching of sudoRole entries. So if
you're LDAP server is not available/reachable you're lost fixing
the issues...
Ciao, Michael.
I think what Michael meant is:
Since you are using 6.3 you are using the configuration that does
not leverage SSSD integration for sudo and connects directly to LDAP
source for sudo rules. In this case there is no caching of the sudo
rules and if you loose connectivity sudo will failover to local
sudoers file. In case of 6.4 the SSSD integration is possible and
SSSD would fetch sudo rules and store them so that sudo acts
consistently whether there is connectivity to the central server or
not.
So the point that Michael might have had (guessing here) is that it
might be better to upgrade to 6.4 to leverage SSSD integration and
caching than to use 6.3 without caching.
HTH
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/