On 08/09/14 22:29, Jacob Weber wrote:
As far as I can tell from looking at sssd-sudo, this requires you to
get the rules from your LDAP directory. But is it possible to use the sudoers file
instead, for rules that apply to LDAP users/groups?
It seems to work when the rule includes NOPASSWD, but not when it requires a password.
sssd-users mailing list
Yes you can use the
local sudoers file by adding a ldap user or group,
but it will only work on the the machine you add the user or group to, I
initially did this with my AD domain joined laptop.
There is a very big problem with doing it this way if you want to do it
for multiple machines and users, you have to alter each and every
sudoers file. This is where sssd-sudoers comes in, you setup the sudo
rules in ldap or AD (once) and get the same results everywhere.