Hi all,
I use SSSD with OpenLDAP and I am able to authenticate users.
I am trying to configure SSSD to manage and cache sudo rules, but I can't use sudo; the system replies with this:
Sorry, user xxx is not allowed to execute '/usr/bin/apt-get update' as root on MACHINE.
This is my sssd.conf
# NSS responder: answers passwd/group lookups from the SSSD cache.
[nss]
# Lookups for these names are never answered by SSSD. Presumably they are
# local accounts that must not be shadowed by an LDAP entry of the same
# name (confirm for "andrea").
filter_groups = root,andrea
filter_users = root,andrea
# How many times the responder tries to reconnect to the data provider
# after it crashes or restarts before giving up.
reconnection_retries = 3
debug_level = 4
# PAM responder: handles authentication requests.
[pam]
reconnection_retries = 3
debug_level = 4
# Days a cached credential stays usable for offline login, counted from the
# last successful online login. While the LDAP server is unreachable, an
# account disabled in LDAP can therefore still log in on this host for up
# to 90 days if its credentials were cached.
offline_credentials_expiration = 90
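# sudo responder: answers sudo's rule lookups from the SSSD cache.
# sudo only asks SSSD when /etc/nsswitch.conf has a "sudoers:" line that
# includes "sss" (that file is not shown here; check it first).
[sudo]
# Raised for troubleshooting; lower it again once the rules resolve.
debug_level = 7
# Default values, in seconds. Each commented-out default is kept on a single
# line: if one wraps, its tail ("interval=21600") is parsed as a live key.
#ldap_sudo_full_refresh_interval=21600
#ldap_sudo_smart_refresh_interval=900
# NOTE(review): sssd-ldap(5) documents these two as domain options, so they
# are expected under [domain/mydomain.com]; in [sudo] they probably have no
# effect (confirm in the sudo and domain logs). The man page also requires
# the full refresh interval to be greater than the smart refresh interval,
# which 10/10 does not satisfy.
ldap_sudo_full_refresh_interval=10
ldap_sudo_smart_refresh_interval=10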
# Monitor section: global settings plus the responders and domains to start.
[sssd]
config_file_version = 2
reconnection_retries = 3
# Responders started by the monitor. "sudo" is listed, which the [sudo]
# section relies on unless the responder is socket-activated.
services = nss, pam, sudo
# Each name here needs a matching [domain/<name>] section.
domains = mydomain.com
# LDAP domain: identity, authentication, access control and sudo rules are
# all served by the same directory.
[domain/mydomain.com]
# Raised for troubleshooting; lower it again once sudo works.
debug_level = 7
# Keeps a hash of each user's password locally so logins work while the
# LDAP server is unreachable.
cache_credentials = true
# Days a cached account is kept after its last successful login.
# sssd.conf(5) requires this to be >= offline_credentials_expiration
# (both are 90 in this file).
account_cache_expiration = 90
# With enumerate = false, a bare "getent passwd" used for testing lists no
# LDAP users; look a user up by name instead
# (e.g. getent passwd user@domain.com).
# enumerate = false
# NOTE(review): enumeration pulls every user and group into the local cache,
# which adds load on large directories and exposes the full account list to
# any local user; usually enabled for testing only.
enumerate = true
id_provider = ldap
auth_provider = ldap
# Access decisions are made with ldap_access_filter below.
access_provider = ldap
# sudo rules are fetched from LDAP (see ldap_sudo_search_base below).
# sssd-ldap(5) lists ldap_sudo_full_refresh_interval and
# ldap_sudo_smart_refresh_interval as options of this section.
sudo_provider = ldap
# chpass_provider = ldap
# StartTLS is negotiated on the plain ldap:// connection. "demand" ends the
# session when the server certificate is missing or does not validate
# against the CA bundle, so the host name in ldap_uri has to match the
# certificate.
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
ldap_uri = ldap://LDAPSERVER
ldap_search_base = dc=mydomain,dc=com
# NOTE(review): (uidNumber=*) matches every entry that has a uidNumber, so
# access_provider = ldap admits effectively all POSIX users. Narrow the
# filter (for example to a group-membership attribute) if only some users
# should be able to log in to this host.
ldap_access_filter = (uidNumber=*)
# Subtree searched for sudoRole entries. A "not allowed to execute" answer
# from sudo means no cached rule matched: check that the entries under this
# base carry sudoUser, sudoHost (this host's name or ALL) and sudoCommand
# values covering the request, and that the bind identity can read them.
ldap_sudo_search_base = ou=sudoers,dc=mydomain,dc=com