Liz's Pet Tricks for Tuesday, April 11

Nsswitch - sudoers sss vs ldap: what am I missing?

I'm trying to configure nsswitch to use `sudoers: files sss`, which is the default for a RHEL 9 system; however, this does not work for me, but the following, `sudoers: files ldap`, does indeed work.

sssd.conf:

id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = True
ldap_schema = rfc2307bis
ldap_sudo_include_regexp = true
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/certs
ldap_tls_reqcert = allow
services = nss, pam, sudo
domains = default
homedir_substring = /home
debug_level = 7

I can successfully log into instances using my account; however, I'm not allowed to use sudo even though sudoCommand: ALL.

$ ldapsearch -H ldap:// -b ou=sudoers,dc=example,dc=com -ZZ '(&(objectClass=sudoRole))' -x
# allow_all, sudoers, EXAMPLE.COM
dn: cn=allow_all,ou=sudoers,dc=EXAMPLE,dc=COM
objectClass: sudoRole
objectClass: top
sudoUser: %host-admin
sudoHost: ALL
sudoCommand: ALL
sudoRunAsUser: ALL
sudoRunAsGroup: ALL
cn: allow_all

$ id admin
uid=6666(admin),1234(host-admins)

Answer:

I am going to guess that host-admin is a local group on the server rather than an LDAP group. SSSD deliberately ignores LDAP "sudoers" entries that refer to host-local groups. If I remember correctly, it only accepts entries that refer to groups within the same SSSD "domain".

If you want different hosts to have different administrators, you could instead store the authorized user names directly in your LDAP sudoers rule (the sudoUser attribute is multi-valued), using sudoHost to limit the role to a specific host (or set of hosts), and creating a new role for each set of hosts that needs a different list of administrators.

Alternatively, you could use NIS-style netgroups in LDAP (which use the nisNetgroup objectClass and contain a list of (host,user,) triples), or you could avoid LDAP entirely and deploy /etc/sudoers.d/ as a regular file via Salt/Ansible (which can then refer to any group or NIS netgroup known to nsswitch).
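An added example, not code from the question or answer above: a small audit that parses a constructed LDIF export (made-up entries under ou=sudoers and ou=groups) and flags sudoRole entries whose %group sudoUser values name no LDAP group, which is the host-local-group situation the answer describes. It places the question's rule beside a per-host rule built the way the answer suggests.

```python
# Added example (not from the original post). Flags sudoUser values of the
# form %group that name no LDAP group: host-local groups SSSD will not match.

# Constructed LDIF (made-up names): the question's rule plus a per-host rule
# built as the answer suggests (named users and a sudoHost limit).
CONSTRUCTED_LDIF = """\
dn: cn=allow_all,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
cn: allow_all
sudoUser: %host-admin
sudoHost: ALL
sudoCommand: ALL

dn: cn=web_admins,ou=sudoers,dc=example,dc=com
objectClass: sudoRole
cn: web_admins
sudoUser: alice
sudoUser: %ldap-admins
sudoHost: web01.example.com
sudoCommand: ALL

dn: cn=ldap-admins,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: ldap-admins
memberUid: alice
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of attribute -> [values] dicts."""
    entries, entry = [], {}
    for line in text.splitlines():
        if not line.strip():  # a blank line ends the current entry
            if entry:
                entries.append(entry)
            entry = {}
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip(), []).append(value.strip())
    if entry:
        entries.append(entry)
    return entries

def unresolvable_group_refs(entries):
    """Map each sudoRole cn to its %group sudoUser values with no LDAP group."""
    groups = {e["cn"][0] for e in entries if "posixGroup" in e.get("objectClass", [])}
    findings = {}
    for e in (e for e in entries if "sudoRole" in e.get("objectClass", [])):
        missing = [u for u in e.get("sudoUser", []) if u.startswith("%") and u[1:] not in groups]
        if missing:
            findings[e["cn"][0]] = missing
    return findings
```

Run it against a real `ldapsearch -LLL` export of both subtrees to list every rule that SSSD's sudo provider will silently skip.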