Not using SSSD because Amazon Linux does not support samba libraries required to compile it.

On 19 February 2016 at 14:28, Jakub Hrozek <[email protected]> wrote:

> On Fri, Feb 19, 2016 at 11:27:16AM +0530, Prashant Bapat wrote:
> > Hi,
> >
> > I'm using FreeIPA 4.1.4 with nss-pam-ldapd and the compat schema.
>
> Why not sssd?
>
> > I'm thinking of moving sudo rules to IPA and with *ou=sudoers* and
> > sudo-ldap this works.
> >
> > In our setup we have a lot of rules with wildcard matching for sudo
> > hostnames. For ex webserver*, dbserver* etc.
> >
> > In the IPA UI, when I try to add the hostname with wildcard (*) char I get
> > an error from UI. * is not allowed char.
> >
> > Looks like the UI is trying to validate the hostname using
> > validate_dns_label in ipa/util.py and obviously * is not one of the allowed
> > chars.
> >
> > Taking a look at the documentation of sudo, wildcards are pretty widely
> > used. More info here
> > https://www.sudo.ws/man/1.8.15/sudoers.man.html#x57696c646361726473
> >
> > Other than editing the LDAP schema outside of IPA (this will work) what are
> > the other options to solve this?
>
> I guess hostgroups/netgroups are even better (more explicit) than
> wildcards.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
