On Mon, Oct 16, 2017 at 5:37 PM, Lukas Slebodnik <lslebodn(a)redhat.com>
On (16/10/17 15:16), Asif Iqbal wrote:
>On Mon, Oct 16, 2017 at 1:17 PM, Asif Iqbal <vadud3(a)gmail.com> wrote:
>> On Fri, Oct 13, 2017 at 6:26 PM, Daniel Corrigan <
>>> I'm wondering if you have even extended your LDAP schema for sudo. Sudo
>>> rules must follow a proper schema in order to be valid.
>> I suppose I will just use local/proxy->local with sudo since IT won't
>> sudo schema.
>> Appreciate the pointer!
>I end up using nss-pam-ldapd and have sudo pointing to pam_ldap.so which
>So looks like sudo login with ldap password works with pam_ldap.so and
>nslcd, but sssd needs a ldap sudo schema.
>So if one does not have access to the LDAP server, pam_ldap + nslcd is the
>only way to work since sssd won't work there.
>Did I evaluate it right or is there a workaround for sssd to work as
If nss-pam-ldapd is able to provide rules from LDAP server then sssd
is able to provide them as well. And there are not required any changes on
I am using nss-pam-ldapd for sudo authentication only. I am using local
Can I use sssd instead of nss-pam-ldapd for sudo authentication only and
use local sudoers file for rules?
Which distribution do you use? Is sudo compiled there with sssd support?
Or just with ldap?
sudo -V | grep sss
Here is sudo -V output and I am using centos 7 in this case.
Is nsswitch configured properly with sss?
grep sudoers /etc/nsswitch.conf
[root@localhost vagrant]# grep sudoers /etc/nsswitch.conf
sudoers files sss
I will follow that when I am at work tomorrow. I can access the corporate LDAP
server only from work.
Thanks for your help