On Thu, Feb 04, 2016 at 11:39:07AM -0700, sysadmin ofdoom wrote:
> Note: sudo rule "testSudo" fails when using user group. But succeeds
> when using a directly defined user.
> sudo rule "sudo-1" fails when user defined directly, but hosts are
> defined with host group.
>
> The
On Wed, Jan 27, 2016 at 09:36:13AM -0700, sysadmin ofdoom wrote:
> I am trying to implement FreeIPA in a larger environment. Due to the
> complexity of the environment I've been constructing a user group structure
> such that i have groups at the following levels:
>
> project --> project_at_site
Sorry for not defining the question.
The question for this is: Are sudo rules supposed to be inherited in the
same manner as HBAC rules?
>From the case above, all my HBAC rules are working fine with indirect
membership, but sudo only works with direct membership. I also saw the Tech
preview SSSD
I am trying to implement FreeIPA in a larger environment. Due to the
complexity of the environment I've been constructing a user group structure
such that i have groups at the following levels:
project --> project_at_site --> project_site_vendor
HBAC rules are defined at the lowest level (vendor