On Fri, Jun 14, 2013 at 12:12:14PM +0100, James Hogarth wrote: > > Also if you're using service DNS records, you can either leave the URIs > > blank and default to service resolution or explicitly use service > > resolution along with a hardcoded name: > > > > ldap_uri = _srv_, ldap://ldap.example.com > > > > > > > Hi Jakub, > > Thanks for this. I've been doing the ldap backed sudo for a while for my > systems and missed that sssd backed sudo arrived in EL6.4... > > A quick bit of testing looks like the bare minimum that needs to be added > to sssd.conf is to the main section under [domain]: > > sudo_provider = ldap > ldap_sudo_search_base = ou=sudoers,dc=example,dc=com > ldap_sasl_mech = GSSAPI > > > with an [sudo] section and sudo added to the provided services of course... > > This really cleans up something that was quite messy before and simplifies > a lot - thanks! > > Time to go and convert all my systems over I think... > > James
Hi James, I believe that at one point we included a configuration very similar to the snippet above in man sssd-sudo. It should be there in 6.4, not 100% sure now. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
