On Thu, Feb 18, 2016 at 06:37:16PM +0000, Mote, Todd wrote:
Hi all, how does sssd process multiple sudo rules from an OU search
base?
I have my base pointed at an OU where I have one sudo rule applied,
and that works, but have another farther down. I can see in the logs
that it sees both rules. What I can't find is how sssd handles that?
does it merge the rules? How does it handle conflicts? Does computer
object location matter like it does for group policies?
the sudo rules are evaluated by sudo itself, you can see that in the
sudo logs, see:
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
If you have conflicts and want to solve them, you can use the sudoOrder
attribute.