From b24e4bec819b29f1ec8e77083d4e7610c5dd9c77 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Wed, 24 Apr 2013 20:26:40 +0200 Subject: SUDO: IPA provider This patch added auto configuration SUDO with ipa provider and compat tree. https://fedorahosted.org/sssd/ticket/1733 --- src/man/sssd-sudo.5.xml | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) (limited to 'src/man') diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml index fec81533..361fdb7b 100644 --- a/src/man/sssd-sudo.5.xml +++ b/src/man/sssd-sudo.5.xml @@ -89,33 +89,9 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com - The following example illustrates setting up SSSD to download - sudo rules from an IPA server. It is necessary to use the LDAP - provider and set appropriate connection parameters to authenticate - correctly against the IPA server, because SSSD does not have native - support of IPA provider for sudo yet. - - - -[sssd] -config_file_version = 2 -services = nss, pam, sudo -domains = EXAMPLE - -[domain/EXAMPLE] -id_provider = ipa -ipa_domain = example.com -ipa_server = ipa.example.com -ldap_tls_cacert = /etc/ipa/ca.crt - -sudo_provider = ldap -ldap_uri = ldap://ipa.example.com -ldap_sudo_search_base = ou=sudoers,dc=example,dc=com -ldap_sasl_mech = GSSAPI -ldap_sasl_authid = host/hostname.example.com -ldap_sasl_realm = EXAMPLE.COM -krb5_server = ipa.example.com - + When the SSSD is configured to use the IPA provider, the sudo + provider is automatically enabled. The sudo search base + is configured to use the compat tree (ou=sudoers,$DC). -- cgit