.Use of AD and LDAP sudo providers
The Active Directory (AD) provider is a back end used to connect to an AD server. Starting with Red Hat Enterprise Linux 7.2, using the AD sudo provider together with the LDAP provider is available as a Technology Preview. To enable the AD sudo provider, add the `sudo_provider=ad` setting in the [domain] section of the `sssd.conf` file.
This bug is created as a clone of upstream ticket:
The sudo provider can currently only be 'none' or 'ldap'. If the sudo LDAP backend is used together with the AD id provider, we might face similar issues as were seen when using the LDAP access provider together with the AD provider.
E.g., since the default value for ldap_id_mapping is different in the LDAP and AD providers, SSSD will fail to start if 'id_provider = ad' and 'sudo_provider = ldap' but ldap_id_mapping is not set explicitly.
Additionally I assume that the sdap id context is initialized twice. This might be true when using the IPA provider as well.
Maybe we want to add 'sudo_provider = ad' so that it plays well with SSSD?
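A configuration check for the provider mix described in the ticket above, added here as an illustration and not taken from the ticket or from SSSD itself. The function name `find_provider_mismatches`, the sample configuration and its domain names are constructed for this example.

```python
import configparser

# Constructed sample sssd.conf (not from the ticket): one domain uses the
# provider mix the ticket describes, the other uses the AD sudo provider.
SAMPLE_CONF = """
[sssd]
services = nss, pam, sudo
domains = mixed.example.com, ad.example.com

[domain/mixed.example.com]
id_provider = ad
sudo_provider = ldap

[domain/ad.example.com]
id_provider = ad
sudo_provider = ad
"""

MESSAGE = ("id_provider = ad with sudo_provider = ldap and no explicit "
           "ldap_id_mapping; set ldap_id_mapping or use sudo_provider = ad")


def find_provider_mismatches(conf_text):
    """Return (domain, message) pairs for domains that pair id_provider = ad
    with sudo_provider = ldap without setting ldap_id_mapping explicitly."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        # Per-domain settings live in [domain/NAME] sections of sssd.conf.
        if not section.startswith("domain/"):
            continue
        opts = parser[section]
        id_provider = opts.get("id_provider", "").strip().lower()
        sudo_provider = opts.get("sudo_provider", "").strip().lower()
        # Flag only the combination named in the ticket; an explicit
        # ldap_id_mapping (either value) means the admin made the choice.
        if (id_provider == "ad" and sudo_provider == "ldap"
                and "ldap_id_mapping" not in opts):
            findings.append((section[len("domain/"):], MESSAGE))
    return findings


if __name__ == "__main__":
    for domain, message in find_provider_mismatches(SAMPLE_CONF):
        print(f"{domain}: {message}")
```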
sssd starts up with "sudo_provider=ad" in the domain section. Manpage of sssd.conf also mentions sudo_provider=ad as an option.
Verified in version 1.11.2-53.el7.
This request was resolved in Red Hat Enterprise Linux 7.0.
Contact your manager or support representative in case you have further questions about the request.