On 07/25/2013 01:15 PM, Michael Ströder wrote:
> Jakub Hrozek wrote:
>> On Thu, Jul 25, 2013 at 03:22:20PM +0000, Licause, Al (CSC AMS BCS -
>> UNIX/Linux Network Support) wrote:
>>> Thanks very much.   I'm not sure what AFAIR is but I got this
>>> working in RHEL V6.3 by reenabling
>>> sssd for authentication and then using /etc/sudo-ldap.conf for the
>>> sudo component.
>>
>> That's fine, using sssd for authentication and identity information
>> while using sudo's built-in LDAP support is a perfectly supportable
>> configuration.
>
> Hmm, direct sudo-ldap does no caching of sudoRole entries. So if
> your LDAP server is not available/reachable you're lost fixing the
> issues...
>
> Ciao, Michael.


I think what Michael meant is:
Since you are using 6.3 you are using the configuration that does not
leverage SSSD integration for sudo and connects directly to the LDAP source
for sudo rules. In this case there is no caching of the sudo rules and
if you lose connectivity sudo will fail over to the local sudoers file. In
the case of 6.4 the SSSD integration is possible and SSSD would fetch sudo
rules and store them so that sudo acts consistently whether there is
connectivity to the central server or not.

So the point that Michael might have had (guessing here) is that it
might be better to upgrade to 6.4 to leverage SSSD integration and
caching than to use 6.3 without caching.

HTH

>
>
>
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.





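A check for which of the two setups discussed in this thread a host is using, as an added example that is not part of the original messages. It assumes sudo's rule source is selected by the `sudoers:` line in nsswitch.conf (`ldap` for direct sudo-ldap, `sss` for SSSD) and that the SSSD sudo responder is enabled through `services` in the `[sssd]` section; the function names, result labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where sudo rules come from and whether they are cached.

# Print the sources on the "sudoers:" line of an nsswitch.conf-style file.
sudoers_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*sudoers:[[:space:]]*//p' "$1" |
        tr -s '[:space:]' ' '
}

# Succeed if "services" in the [sssd] section lists the sudo responder.
sssd_serves_sudo() {
    awk '
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\]/); next }
        in_sssd && /^[ \t]*services[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, svc, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (svc[i] == "sudo") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Prints one of (labels are hypothetical):
#   sssd-cached               rules fetched and stored by SSSD
#   sss-without-sudo-service  nsswitch points at sss, responder not enabled
#   ldap-direct               sudo queries LDAP itself, no caching
#   files-only                local sudoers file only
classify_sudo_source() {
    sources=$(sudoers_sources "$1")
    case " $sources " in
        *" sss "*)
            if sssd_serves_sudo "$2"; then echo sssd-cached
            else echo sss-without-sudo-service; fi ;;
        *" ldap "*) echo ldap-direct ;;
        *) echo files-only ;;
    esac
}

# Constructed sample files standing in for the two hosts in the thread.
demo() {
    d=$(mktemp -d)
    printf 'passwd: files sss\nsudoers: files ldap\n' > "$d/nsswitch.direct"
    printf 'passwd: files sss\nsudoers: files sss\n' > "$d/nsswitch.sssd"
    printf '[sssd]\nservices = nss, pam, sudo\n' > "$d/sssd.conf"
    echo "direct sudo-ldap: $(classify_sudo_source "$d/nsswitch.direct" "$d/sssd.conf")"
    echo "SSSD integration: $(classify_sudo_source "$d/nsswitch.sssd" "$d/sssd.conf")"
    rm -rf "$d"
}
demo
```

On a real host the arguments would be `/etc/nsswitch.conf` and `/etc/sssd/sssd.conf`.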