> Also if you're using service DNS records, you can either leave the URIs > blank and default to service resolution or explicitly use service > resolution along with a hardcoded name: > > ldap_uri = _srv_, ldap://ldap.example.com > > > Hi Jakub,
Thanks for this. I've been doing the ldap backed sudo for a while for my systems and missed that sssd backed sudo arrived in EL6.4... A quick bit of testing looks like the bare minimum that needs to be added to sssd.conf is to the main section under [domain]: sudo_provider = ldap ldap_sudo_search_base = ou=sudoers,dc=example,dc=com ldap_sasl_mech = GSSAPI with an [sudo] section and sudo added to the provided services of course... This really cleans up something that was quite messy before and simplifies a lot - thanks! Time to go and convert all my systems over I think... James
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users