On 12/20/2011 10:27 PM, Jan Zelený wrote: >> I have been working through configuring sudo via IPA and ran into the >> following situation. >> >> There is a directive in the documentation to configure >> /etc/sssd/sssd.conf on the clients with something like the following: >> >> ldap_netgroup_search_base = cn=ng,cn=compat,dc=example,dc=com >> >> >> This is pulled from the docse here for reference: >> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_ >> Management_Guide/example-configuring-sudo.html >> >> This is fine and causes no problems, however, when I mistakenly left it >> out on a few systems, sudo continued to function, so I am wondering what >> it is that this directive does? Does this get sssd into the loop to >> cache sudo rules for offline use? > Support for SUDO in SSSD has been added just about a week ago into master > branch and is considered experimental right now. And as I understand it, the > support in SUDO itself is still not entirely complete. So the simple answer > is: hang on, the support is coming. > > Jan
Hmm, that is odd. I am not trying to be on the bleeding edge here, my sudo setup is taken directly from the RHEL 6.2 documentation concerning identity management. It would be very strange if RHEL was running such an experimental and bleeding edge thing in the base RHEL setup. So I guess to back up a bit here, IF sudo were working with SSSD as it will in the future would the aforementioned directive be the way to make it work. Understanding of course that for now it doesn't. -Erinn _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users