On Mon, Apr 29, 2013 at 06:43:29AM +0000, Ondrej Valousek wrote: > No, nothing specific. Only that by default the AD schema does not contain the > necessary sudo* attributes. > My thinking was that if we do: > > Sudo_provider = ad >
Then it could be a similar wrapper around the LDAP provider in pretty much the same fashion as Lukas' wrapper under review on the list for the IPA compat tree autoconfiguration. > The ad provider in sssd would assume the AD schema has already been extended > (and probably issue a big bold warning if we find out that it is not the > case). > The beauty of this configuration (compared to sudo_provider = ldap) would be > that: > - we do not have to fill in all the necessary ldap parameters to make the > ldap provider happy > - clean and obvious configuration > > I also believe it should not be a big problem to implement it as everything > we need to make it working is already there (ok, except of the AD schema > check - but this is optional anyway). > > I wanted to ask prior submitting a RFE for this just to see if it makes any > sense or not.... > > Ondrej > > -----Original Message----- > From: sssd-users-boun...@lists.fedorahosted.org > [mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Dmitri Pal > Sent: Sunday, April 28, 2013 10:17 PM > To: sssd-users@lists.fedorahosted.org > Subject: Re: [SSSD-users] Anyone using sudo with AD? > > On 04/28/2013 02:13 PM, Jakub Hrozek wrote: > > On Sat, Apr 27, 2013 at 05:56:15AM +0000, Ondrej Valousek wrote: > >> Yes. Wondering if the AD provider in sssd is multipurpose enough - i.e. > >> Capable of serving automount, sudo, HBAC... maps too. > >> Ondrej > >> > > No, you'd need to configure sudo_provider=ldap > > > > Feel free to raise a RFE, though. > > Is there anything specific about the AD schema vs. generic LDAP schema? > Does it make sense to add sudo into ad provider? I am not sure, we can't > assume that schema is there loaded into AD. > > > _______________________________________________ > > sssd-users mailing list > > sssd-users@lists.fedorahosted.org > > https://lists.fedorahosted.org/mailman/listinfo/sssd-users > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > > > > _______________________________________________ > sssd-users mailing list > sssd-users@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users > _______________________________________________ > sssd-users mailing list > sssd-users@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-users _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users