Hi,
We have a ldap group called *ldapadmin *defined on our LDAP servers running
389 Directory Server.
On the LDAP Client side. We have the following line added in */etc/sudoers*
*%ldapadmin ALL=(ALL:ALL) ALL*
We are able to login as a LDAP user which is part of the *ldapadmin *group
and are
The one thing I would look at is your /etc/sssd/sssd.conf file. Assuming you
are configured for LDAP, you could exclude the the local admin account in the
[nss] section with the "filter_users" setting.
Example:
[nss]
filter_users = root,nagios,local_admin_acct
That should get SSSD to not
Hi Paul,
Thank you for your reply, apparently the LDAP client was configured using
nslcd. We have a similar configuration file called /etc/nslcd.conf and a
parameter called nss_initgroups_ignoreusers which I have set to ALLLOCAL.
This can be useful in case of unavailability of the LDAP server,
Dirsrv.target was a "mistake" added by someone at RH. I removed it a few years
ago, and it probably just got to you now.
It should never have been added, and existed because I think people didn't
really know how systemd dependencies worked. It caused no end of issues because
people didn't
Generally the advice is:
* autotune everything
* handtune everything.
IMO, autotuning is better (but I did write it, so I'm biased), and don't touch
the "split" because we've seen lots of communication issues and challenges
trying to educate about how the query processing works in the server
> On 18 Jul 2019, at 02:56, Abhisheyk Deb wrote:
>
> Hi,
>
> We have a ldap group called ldapadmin defined on our LDAP servers running 389
> Directory Server.
>
> On the LDAP Client side. We have the following line added in /etc/sudoers
> %ldapadmin ALL=(ALL:ALL) ALL
>
> We are able to