[sudo-users] Fallback to local sudo when LDAP sudo is unavailable
michael at stroeder.com
Wed Nov 20 13:01:22 MST 2013
Forrest Aldrich wrote:
> On 11/20/13 1:07 PM, Wong Ren wrote:
>> When LDAP sudo is unavailable due to network or LDAP server issue, will the
>> LDAP sudo falls back to local sudo and thus allow the service to continue ?
>> assuming that he accounts exist locally and also in the LDAP server and LDAP
>> and local has the same sudo policy.
>> If the answer is yes, what would be best practice?
> Wouldn't this fall under the caching mechanisms of SSSD or NCSD (if configured
> to do so)?
> I'm curious as well - but I believe that's the case.
Another option is to just search the sudoRole entries for a particular system
and generate the local sudoers file from the LDAP results.
More information about the sudo-users