I have been working on configuring SSSD to handle sudo natively in Fedora 17. Here are the versions of things: sssd-1.8.3-11.fc17.x86_64 sudo-1.8.3p1-7.fc17.x86_64 This is running against a RHEL 6.2 IPA server: ipa-server-2.1.3-9.el6.x86_64 I have been using these two sources of information: https://fedoraproject.org/wiki/Features/SSSDSudoIntegration http://jhrozek.livejournal.com/2065.html (Thanks for the write up) The bit that seems to hang for me is when it comes to the ldap_sudo_search_base, the blog doesn't state explicitly that it should go in the domain section of sssd.conf, but the feature page does, so I drop it in there, after a restart even simple lookups via getent passwd won't work any more, remove it, restart sssd, things work fine. I suppose I should mention that my test system has been working fine as an IPA client up until I start messing with the sudo bit. The line I am trying to put into the domains section is the following: ldap_sudo_search_base = "ou=SUDOers,dc=foo,dc=com" Any thoughts? -Erinn