Bug 1068725 - Evaluate usage of sudo LDAP provider together with the AD provider
Summary: Evaluate usage of sudo LDAP provider together with the AD provider
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
Marc Muehlfeld
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1004480
TreeView+ depends on / blocked
 
Reported: 2014-02-21 18:22 UTC by Jakub Hrozek
Modified: 2019-05-21 10:22 UTC (History)
11 users (show)

(edit)
.Use of AD and LDAP sudo providers

The Active Directory (AD) provider is a back end used to connect to an AD server. Starting with Red Hat Enterprise Linux 7.2, using the AD sudo provider together with the LDAP provider is available as a Technology Preview. To enable the AD sudo provider, add the `sudo_provider=ad` setting in the [domain] section of the `sssd.conf` file.
Clone Of:
(edit)
Last Closed: 2014-06-13 12:41:31 UTC


Attachments (Terms of Use)

Description Jakub Hrozek 2014-02-21 18:22:26 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2256

The sudo provider can currently only be 'none' or 'ldap'. If the sudo LDAP backend is used together with the AD id provider we might face similar issues as was seen when using the LDAP access provider together the AD provider.

E.g. since the default value for ldap_id_mapping is different in the LDAP and AD provider SSSD will fail to start if 'id_provider = ad' and 'sudo_provider = ldap' but  ldap_id_mapping is not set explicitly.

Additionally I assume that the sdap id context is initialized twice. This might be true when using the IPA provider as well.

Maybe be want to add 'sudo_provider = ad' so that it plays well with SSSD?

Comment 5 Jakub Hrozek 2014-03-02 20:28:13 UTC
Pushed upstream:
    master: 61804568ce5ede3b1a699cda17c033dd6c23f0e3
    sssd-1-11: 77cb1c56f13a41d1920efb2946db10a00ed63c9c

Comment 14 Kaushik Banerjee 2014-03-05 11:21:14 UTC
sssd starts up with "sudo_provider=ad" in the domain section. Manpage of sssd.conf also mentions sudo_provider=ad as an option.

Verified in version 1.11.2-53.el7.

Comment 15 Ludek Smid 2014-06-13 12:41:31 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.


Note You need to log in before you can comment on or make changes to this bug.