No, nothing specific. Only that by default the AD schema does not contain the necessary
sudo* attributes.
My thinking was that if we do:
Sudo_provider = ad
The ad provider in sssd would assume the AD schema has already been extended (and probably
issue a big bold warning if we find out that it is not the case).
The beauty of this configuration (compared to sudo_provider = ldap) would be that:
- we do not have to fill in all the necessary ldap parameters to make the ldap provider
happy
- clean and obvious configuration
I also believe it should not be a big problem to implement it as everything we need to
make it working is already there (ok, except of the AD schema check - but this is optional
anyway).
I wanted to ask prior submitting a RFE for this just to see if it makes any sense or
not....
Ondrej
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Dmitri Pal
Sent: Sunday, April 28, 2013 10:17 PM
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] Anyone using sudo with AD?
On 04/28/2013 02:13 PM, Jakub Hrozek wrote:
On Sat, Apr 27, 2013 at 05:56:15AM +0000, Ondrej Valousek wrote:
> Yes. Wondering if the AD provider in sssd is multipurpose enough - i.e. Capable of
serving automount, sudo, HBAC... maps too.
> Ondrej
>
No, you'd need to configure sudo_provider=ldap
Feel free to raise a RFE, though.
Is there anything specific about the AD schema vs. generic LDAP schema?
Does it make sense to add sudo into ad provider? I am not sure, we can't assume that
schema is there loaded into AD.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users