On (16/10/17 15:16), Asif Iqbal wrote:
On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal vadud3@gmail.com wrote:
On Fri, Oct 13, 2017 at 6:26 PM, Daniel Corrigan dancorrigan1@gmail.com wrote:
I'm wondering if you have even extended your LDAP schema for sudo. Sudo rules must follow a proper schema in order to be valid.
I suppose I will just use local/proxy->local with sudo since IT won't add a sudo schema.
Appreciate the pointer!
I ended up using nss-pam-ldapd and have sudo pointing to pam_ldap.so, which works perfectly.
So it looks like sudo login with an LDAP password works with pam_ldap.so and nslcd, but sssd needs an LDAP sudo schema.
So if one does not have access to the LDAP server, pam_ldap + nslcd is the only way to work since sssd won't work there.
Did I evaluate it right, or is there a workaround for sssd to work as well?
If nss-pam-ldapd is able to provide rules from the LDAP server, then sssd is able to provide them as well. And no changes are required on the LDAP server.
Which distribution do you use? Is sudo compiled there with sssd support, or just with ldap? sudo -V | grep sss
Is nsswitch configured properly with sss? grep sudoers /etc/nsswitch.conf
See also https://docs.pagure.org/SSSD.sssd/users/sudo_troubleshooting.html
LS