Bug 1068725 - Evaluate usage of sudo LDAP provider together with the AD provider
Summary: Evaluate usage of sudo LDAP provider together with the AD provider
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
Marc Muehlfeld
Whiteboard: sync-to-jira
Depends On:
Blocks: 1004480
TreeView+ depends on / blocked
Reported: 2014-02-21 18:22 UTC by Jakub Hrozek
Modified: 2020-05-02 17:38 UTC (History)
13 users (show)

Fixed In Version: sssd-1.11.2-53.el7
Doc Type: Technology Preview
Doc Text:
.Use of AD and LDAP `sudo` providers The Active Directory (AD) provider is a back end used to connect to an AD server. Starting with RHEL 7.2, using the AD `sudo` provider together with the LDAP provider is available as a Technology Preview. To enable the AD `sudo` provider, add the `sudo_provider=ad` setting in the [domain] section of the `sssd.conf` file.
Clone Of:
Last Closed: 2014-06-13 12:41:31 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github SSSD sssd issues 3298 None closed Evaluate usage of sudo LDAP provider together with the AD provider 2020-08-05 21:45:18 UTC

Description Jakub Hrozek 2014-02-21 18:22:26 UTC
This bug is created as a clone of upstream ticket:

The sudo provider can currently only be 'none' or 'ldap'. If the sudo LDAP backend is used together with the AD id provider we might face similar issues as was seen when using the LDAP access provider together the AD provider.

E.g. since the default value for ldap_id_mapping is different in the LDAP and AD provider SSSD will fail to start if 'id_provider = ad' and 'sudo_provider = ldap' but  ldap_id_mapping is not set explicitly.

Additionally I assume that the sdap id context is initialized twice. This might be true when using the IPA provider as well.

Maybe be want to add 'sudo_provider = ad' so that it plays well with SSSD?

Comment 5 Jakub Hrozek 2014-03-02 20:28:13 UTC
Pushed upstream:
    master: 61804568ce5ede3b1a699cda17c033dd6c23f0e3
    sssd-1-11: 77cb1c56f13a41d1920efb2946db10a00ed63c9c

Comment 14 Kaushik Banerjee 2014-03-05 11:21:14 UTC
sssd starts up with "sudo_provider=ad" in the domain section. Manpage of sssd.conf also mentions sudo_provider=ad as an option.

Verified in version 1.11.2-53.el7.

Comment 15 Ludek Smid 2014-06-13 12:41:31 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.