> Implications of adding above is that SUDO would break if the
> hardcoded ipa is not available even if there is another replica somewhere
> in the network. Is that a correct assumption?
>
> Is there a better way of doing it that I have missed?
>
Which version of sssd do you have?
sssd >= 1.10 has native ipa sudo providers and you don't need to use "sudo_provider = ldap".

----------------------------

Sorry, responding from BlackBerry, which doesn't seem to indent the question I am responding to.

This is the sssd version I am using. Certainly newer than 1.10. Do you mind pointing me to the recommended way of handling SUDO now?

sssd-common-1.11.2-68.el7_0.6.x86_64
sssd-ipa-1.11.2-68.el7_0.6.x86_64
sssd-1.11.2-68.el7_0.6.x86_64
sssd-client-1.11.2-68.el7_0.6.x86_64
sssd-ad-1.11.2-68.el7_0.6.x86_64
sssd-proxy-1.11.2-68.el7_0.6.x86_64
python-sssdconfig-1.11.2-68.el7_0.6.noarch
sssd-common-pac-1.11.2-68.el7_0.6.x86_64
sssd-krb5-1.11.2-68.el7_0.6.x86_64
sssd-krb5-common-1.11.2-68.el7_0.6.x86_64
sssd-ldap-1.11.2-68.el7_0.6.x86_64

William

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project