[sudo-users] Fallback to local sudo when LDAP sudo is unavailable

Michael Ströder michael at stroeder.com
Wed Nov 20 13:01:22 MST 2013

Forrest Aldrich wrote:
> On 11/20/13 1:07 PM, Wong Ren wrote:
>> When LDAP sudo is unavailable due to a network or LDAP server issue, will
>> LDAP sudo fall back to local sudo and thus allow the service to continue,
>> assuming that the accounts exist locally and also in the LDAP server and LDAP
>> and local have the same sudo policy?
>> If the answer is yes, what would be best practice?
> Wouldn't this fall under the caching mechanisms of SSSD or NSCD (if configured
> to do so)?
> I'm curious as well - but I believe that's the case.

Another option is to just search the sudoRole entries for a particular system
and generate the local sudoers file from the LDAP results.

Ciao, Michael.
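
Added example, not part of the message above and not code from the sudo project: one way to do the generation step Michael describes, turning sudoRole entries from an LDIF search result into local sudoers rules for a single host. The function names, the sample LDIF, its DN and the hostnames are constructed. It assumes plain LDIF (no base64 values or folded lines) and refuses any attribute or sudoOption it cannot translate.

```python
import re

# Constructed sample: LDIF from a search for (objectClass=sudoRole).
SAMPLE_LDIF = """\
dn: cn=web-admins,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: web-admins
sudoUser: %webadmin
sudoHost: web01.example.com
sudoCommand: !/usr/bin/systemctl restart sshd
sudoCommand: /usr/bin/systemctl
sudoOption: !authenticate
"""
KNOWN = {"dn", "objectclass", "cn", "sudouser", "sudohost",
         "sudorunasuser", "sudocommand", "sudooption"}
# Values needing sudoers escaping (, : = \ quotes) are rejected, not escaped.
SAFE = re.compile(r"!?[%+\w./-][\w./ -]*")

def parse_ldif(text):
    """Yield {lowercased attr: [values]} per record; plain 'attr: value' lines only."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if not sep or attr.endswith(":") or line.startswith(" "):
                raise ValueError(f"unsupported LDIF line: {line!r}")
            rec.setdefault(attr.lower(), []).append(value.strip())
        yield rec

def render_sudoers(ldif_text, hostname):
    """Render sudoers rules for roles whose sudoHost is `hostname` or ALL."""
    out = []
    for rec in parse_ldif(ldif_text):
        hosts = {hostname, "ALL"} & set(rec.get("sudohost", []))
        if "sudoRole" not in rec.get("objectclass", []) or not hosts:
            continue  # other systems' roles; host patterns/netgroups are skipped
        opts = set(rec.get("sudooption", [])) - {"!authenticate"}
        bad = (set(rec) - KNOWN) | opts
        if bad:  # fail closed: dropping e.g. sudoNotAfter would widen the grant
            raise ValueError(f"{rec['dn'][0]}: cannot translate {sorted(bad)}")
        users, runas = rec.get("sudouser", []), rec.get("sudorunasuser", ["root"])
        # sudoers is last-match-wins: negated commands go last so a deny sticks
        cmds = sorted(rec.get("sudocommand", []), key=lambda c: c.startswith("!"))
        for v in [hostname, *users, *runas, *cmds]:
            if not SAFE.fullmatch(v):
                raise ValueError(f"{rec['dn'][0]}: unsafe value {v!r}")
        tag = "NOPASSWD: " if "sudooption" in rec else ""
        host = "ALL" if "ALL" in hosts else hostname
        out += [f"{u} {host} = ({', '.join(runas)}) {tag}{', '.join(cmds)}" for u in users]
    return "\n".join(out) + "\n"
```

Check the generated file with `visudo -cf <file>` before installing it, so a bad LDAP value cannot leave the host with a sudoers file that fails to parse.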
