[sudo-workers] sudoers_* ldap keywords

Stephen Gallagher sgallagh at redhat.com
Wed Nov 30 07:42:07 EST 2011


On Tue, 2011-11-29 at 20:19 -0500, Todd C. Miller wrote:
> On Tue, 29 Nov 2011 19:48:57 EST, Stephen Gallagher wrote:
> 
> > Well, just to amend to this, the fact that nslcd.conf has multiple
> > consumers is a bug in itself - one that we're working to eliminate with
> > SSSD by producing plugins for talking to sudo, automount, openssh-lpk
> > and similar services.
> > 
> > It really is an abuse of another application's configuration. Just
> > because it happens to be there doesn't necessarily mean it's correct for
> > your application either.
> 
> You can specify the path to ldap.conf that sudo will use at configure
> time.  Some distros (such as Debian) use /etc/sudo-ldap.conf to
> avoid such problems.

Daniel: This sounds like a really good idea. At the very least, it would
help to alleviate the confusion that a LOT of users have that sudo LDAP
support is coming from nss_ldap/nss-pam-ldapd.

I hear this a lot because people are constantly asking me why they have
to configure nss_ldap for sudo support when using SSSD.