On 13 October 2017 at 22:49, Asif Iqbal wrote:
> On Fri, Oct 13, 2017 at 5:06 PM, John Beranek john@redux.org.uk wrote:
>> On 13 October 2017 at 19:28, Asif Iqbal wrote:
>>> Hi All
>>>
>>> (&(objectClass=mnetperson)(|(sudoUser=ALL)(name=defaults)(uid=iqbala)(sudoUser=#408462)(sudoUser=%iqbala)(sudoUser=+*)))
>>>
>>> How do I change the config to search like above?
>>
>> The search it's doing is to retrieve sudo rule objects from the directory, as defined in e.g. https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html
>>
>> Each LDAP object is equivalent to a line in a sudoers file.
>
> I do not manage the LDAP server; IT does, and ldapsearch shows there is no sudoRole or any sudo* objectclass.
>
> So that means I cannot use sudo for SSSD?

The LDAP directory will typically need the schema adding, including for Active Directory ( http://jhrozek.livejournal.com/3860.html ) - so, yes, you need the cooperation of the LDAP administrators in IT.
John
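
Added example, not part of the thread: a short Python sketch of the point that each sudoRole object stands for one sudoers line, and of how the `sudoUser` alternatives in the search filter (ALL, user name, #uid, %group) select entries for a user. The LDIF entries, the DNs and the group name are constructed for illustration; attribute names follow the sudoers.ldap schema linked above, and netgroup (`+`) matching is left out.

```python
# Constructed sample data: two sudoRole entries as an LDAP server with the
# sudo schema loaded might return them. Not taken from the thread's directory.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: defaults
sudoOption: env_reset

dn: cn=iqbala_restart,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: iqbala_restart
sudoUser: iqbala
sudoUser: %wheel
sudoHost: ALL
sudoRunAsUser: root
sudoCommand: /usr/bin/systemctl restart httpd
sudoOption: !authenticate
"""

def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def applies_to(entry, user, uid, groups):
    """Mirror the filter's sudoUser alternatives: ALL, name, #uid, %group."""
    wanted = {"ALL", user, f"#{uid}"} | {f"%{g}" for g in groups}
    return any(v in wanted for v in entry.get("sudouser", []))

def to_sudoers(entry):
    """Render one sudoRole entry as the sudoers line it is equivalent to."""
    options = entry.get("sudooption", [])
    if entry["cn"] == ["defaults"]:
        return "Defaults " + ", ".join(options)
    users = ", ".join(entry["sudouser"])
    hosts = ", ".join(entry["sudohost"])
    runas = ", ".join(entry.get("sudorunasuser", ["root"]))
    # sudoOption "!authenticate" is the LDAP form of the NOPASSWD tag
    tag = "NOPASSWD: " if "!authenticate" in options else ""
    return f"{users} {hosts}=({runas}) {tag}{', '.join(entry['sudocommand'])}"
```

If the directory has no sudoRole object class, as the ldapsearch result in the thread indicates, there are no entries of this shape for the search to return.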