Bug 1068725 - Evaluate usage of sudo LDAP provider together with the AD provider
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
7.0
: rc
Assigned To: Jakub Hrozek
Kaushik Banerjee
Filip Hanzelka
Blocks: 1004480
Reported: 2014-02-21 13:22 EST by Jakub Hrozek
Modified: 2018-07-17 15:17 EDT
Fixed In Version: sssd-1.11.2-53.el7
Doc Type: Technology Preview
Doc Text:
Use of AD and LDAP sudo providers
The Active Directory (AD) provider is a back end used to connect to an AD server. Starting with Red Hat Enterprise Linux 7.2, using the AD sudo provider together with the LDAP provider is available as a Technology Preview. To enable the AD sudo provider, add the *sudo_provider=ad* setting in the [domain] section of the *sssd.conf* file.
Last Closed: 2014-06-13 08:41:31 EDT
Description Jakub Hrozek 2014-02-21 13:22:26 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2256

The sudo provider can currently only be 'none' or 'ldap'. If the sudo LDAP backend is used together with the AD id provider, we might face similar issues as were seen when using the LDAP access provider together with the AD provider.

E.g. since the default value for ldap_id_mapping is different in the LDAP and AD provider, SSSD will fail to start if 'id_provider = ad' and 'sudo_provider = ldap' but ldap_id_mapping is not set explicitly.

Additionally I assume that the sdap id context is initialized twice. This might be true when using the IPA provider as well.

Maybe we want to add 'sudo_provider = ad' so that it plays well with SSSD?
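
A pre-flight check for the combination described in the report, as an added example that is not part of the bug report or of SSSD itself: it parses sssd.conf text and returns the domain sections where `id_provider = ad` is paired with `sudo_provider = ldap` while `ldap_id_mapping` is left implicit. The function name, the domain name `example.test` and the three sample configurations are constructed for illustration.

```python
import configparser

# Constructed sample: AD id provider with the LDAP sudo provider and no
# explicit ldap_id_mapping (the combination the report says fails to start).
MIXED = """
[sssd]
domains = example.test
services = nss, pam, sudo

[domain/example.test]
id_provider = ad
sudo_provider = ldap
"""
# Constructed variants: mapping set explicitly, and the native AD sudo provider.
EXPLICIT = MIXED + "ldap_id_mapping = True\n"
NATIVE = MIXED.replace("sudo_provider = ldap", "sudo_provider = ad")


def mixed_sudo_domains(conf_text):
    """Return the [domain/...] sections that combine id_provider = ad with
    sudo_provider = ldap while leaving ldap_id_mapping implicit."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    flagged = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        id_provider = dom.get("id_provider", "").strip().lower()
        sudo_provider = dom.get("sudo_provider", "").strip().lower()
        if (id_provider == "ad" and sudo_provider == "ldap"
                and "ldap_id_mapping" not in dom):
            flagged.append(section)
    return flagged


if __name__ == "__main__":
    for name, text in (("mixed", MIXED), ("explicit", EXPLICIT), ("native", NATIVE)):
        hits = mixed_sudo_domains(text)
        verdict = "set ldap_id_mapping or use sudo_provider = ad" if hits else "ok"
        print(f"{name}: {hits or '-'} -> {verdict}")
```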
Comment 5 Jakub Hrozek 2014-03-02 15:28:13 EST
Pushed upstream:
    master: 61804568ce5ede3b1a699cda17c033dd6c23f0e3
    sssd-1-11: 77cb1c56f13a41d1920efb2946db10a00ed63c9c
Comment 14 Kaushik Banerjee 2014-03-05 06:21:14 EST
sssd starts up with "sudo_provider=ad" in the domain section. Manpage of sssd.conf also mentions sudo_provider=ad as an option.

Verified in version 1.11.2-53.el7.
Comment 15 Ludek Smid 2014-06-13 08:41:31 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
