On Fri, May 18, 2012 at 02:35:18PM -0700, Gelen James wrote:
>    Hi all,
>     Are the sudo rules applied to IPA clients through nss_ldap, instead of
>    sssd? 

Neither :-)

sudo looks up the user information via the standard name-service-switch
maps, so if your machine is configured to fetch user and group
information using the sss NSS module in nsswitch.conf, then the requests
get to sssd.

As Stephen Ingram pointed out elsewhere in this thread, sudo only reads
the nss_ldap/nss-pam-ldapd config files but establishes the connection
to the LDAP server and fetches the data on its own.

Freeipa-users mailing list

Reply via email to