[sudo-users] Fallback to local sudo when LDAP sudo is unavailable
Michael Ströder
michael at stroeder.com
Wed Nov 20 13:01:22 MST 2013
Forrest Aldrich wrote:
>
> On 11/20/13 1:07 PM, Wong Ren wrote:
>>
>> When LDAP sudo is unavailable due to a network or LDAP server issue, will the
>> LDAP sudo fall back to local sudo and thus allow the service to continue,
>> assuming that the accounts exist locally and also in the LDAP server and LDAP
>> and local have the same sudo policy?
>>
>> If the answer is yes, what would be best practice?
>
> Wouldn't this fall under the caching mechanisms of SSSD or NSCD (if configured
> to do so)?
>
> I'm curious as well - but I believe that's the case.

Another option is to just search the sudoRole entries for a particular system
and generate the local sudoers file from the LDAP results.

Ciao, Michael.
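
A sketch of the approach suggested in the reply above, added here as an example and not taken from the original post or from the sudo project: it turns sudoRole entries in LDIF form into sudoers rules for one host. The attribute names come from sudo's LDAP schema; the function names, the example.com DNs and the sample data are constructed, and it assumes plain values only (no base64 or folded LDIF lines, no netgroups, no negated entries).

```python
import re

# Constructed sample: sudoRole entries as an LDIF export might return them.
SAMPLE_LDIF = """\
dn: cn=web-admins,ou=SUDOers,dc=example,dc=com
sudoUser: %webadm
sudoHost: web01.example.com
sudoCommand: /usr/bin/systemctl restart nginx
sudoCommand: /usr/bin/journalctl -u nginx
sudoOption: !authenticate

dn: cn=db-admins,ou=SUDOers,dc=example,dc=com
sudoUser: alice
sudoHost: db01.example.com
sudoCommand: ALL

dn: cn=ops,ou=SUDOers,dc=example,dc=com
sudoUser: bob
sudoHost: ALL
sudoRunAsUser: root
sudoCommand: /usr/sbin/tcpdump
"""

def parse_ldif(text):
    """Split LDIF into a list of {attribute: [values]} dicts (hypothetical helper)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def sudoers_for_host(entries, host):
    """Return sudoers rules for the roles whose sudoHost is `host` or ALL."""
    rules = []
    for e in entries:
        if not {host, "ALL"} & set(e.get("sudoHost", [])):
            continue
        opts = set(e.get("sudoOption", []))
        if opts - {"!authenticate"}:  # refuse rather than silently drop an option
            raise ValueError(f"unhandled sudoOption in {e['dn'][0]}: {opts}")
        runas = "(%s) " % ",".join(e["sudoRunAsUser"]) if "sudoRunAsUser" in e else ""
        tag = "NOPASSWD: " if opts else ""  # per-role !authenticate becomes a tag
        # sudoers requires ',', ':', '=' and '\' in command arguments to be escaped
        cmds = ", ".join(re.sub(r"([,:=\\])", r"\\\1", c) for c in e["sudoCommand"])
        # the file is generated per host, so the host field is written as ALL
        rules += [f"{user} ALL = {runas}{tag}{cmds}" for user in e["sudoUser"]]
    return rules
```

Write the returned lines to a temporary file and check it with `visudo -cf <file>` before installing it, so a bad conversion cannot leave the host with an unparsable local policy.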