Is that to say that when using this under RHEL v6.3 in which we use sssd to authenticate the user and then /etc/sudo-ldap.conf to affect the sudo commands, there is no caching ?
And are you also stating that this should work w/o sssd and just the combination of /etc/ldap.conf and /etc/sudo-ldap.conf ? If so, I'm confused because everything I've read states that ldap.conf is no longer used in RH V6 or at least 6.3 and beyond. I can not get authentication to work with ldap.conf along having shutdown sssd. But I can understand that if a utility outside of sssd is necessary to get sudo working for ldap users, that caching is disabled for that function. Am I correct in my assumptions ? Al Licause -----Original Message----- From: sssd-users-boun...@lists.fedorahosted.org [mailto:sssd-users-boun...@lists.fedorahosted.org] On Behalf Of Michael Ströder Sent: Thursday, July 25, 2013 10:16 AM To: End-user discussions about the System Security Services Daemon Subject: Re: [SSSD-users] Not finding /usr/lib64/libsss_sudo.so on RHEL V6.4 Jakub Hrozek wrote: > On Thu, Jul 25, 2013 at 03:22:20PM +0000, Licause, Al (CSC AMS BCS - > UNIX/Linux Network Support) wrote: >> Thanks very much. I'm not sure what AFAIR is but I got this working in >> RHEL V6.3 by reenabling >> sssd for authentication and then using /etc/sudo-ldap.conf for the sudo >> component. > > That's fine, using sssd for authentication and identity information > while using sudo's built-in LDAP support is perfectly supportable > configuration. Hmm, direct sudo-ldap does no caching of sudoRole entries. So if you're LDAP server is not available/reachable you're lost fixing the issues... Ciao, Michael. _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
