Hi there!
I've been struggling with this for a while now and I can't seem to wrap my brain around it.
I've followed the basics of how to export all your sudo rules to LDAP and make SSSD read them, but for some reason it won't allow the people in the group to get access to those rules.
So far, this is what I've done:
1. Import the sudo schema into my LDAP server. I can confirm it worked (the sudoRole objectClass is present).
2. Create the OU ou=SUDOers,dc=domain,dc=local
3. Create the rule:
Code:
dn: cn=test,ou=SUDOers,dc=domain,dc=local
objectClass: top
objectClass: sudoRole
cn: test
sudoUser: +unix_group
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
4. In my sssd.conf, I have the usual options that you will find in this typical setup.
Code:
[domain/default]
ldap_sudo_search_base = ou=SUDOers,dc=domain,dc=local
...
....
[sudo]
The +unix_group is a group inside LDAP that has all the users I want the cn=test rule to apply to.
Am I doing this right? So far it's not working for me; the error I'm having is "user is not allowed to run sudo on palpatine".
Thanks
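The following is an added example, not code from the original post. In the sudoers LDAP schema, the prefix of a sudoUser value decides how sudo interprets it: a bare name is a user, `%name` is a Unix group, `%#gid` is a numeric group ID, `#uid` is a numeric user ID, and `+name` is a netgroup. So `sudoUser: +unix_group` is looked up as a netgroup, not as the LDAP/Unix group of that name. The small POSIX sh script below encodes those prefix rules, lints every sudoUser line in an LDIF file, and writes a constructed copy of the post's rule with the group spelled `%unix_group`; the file path, the group name and the helper function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: classify sudoUser values by the prefix rules of the sudoers
# LDAP schema and lint an LDIF file for them. Not part of the original post.

# sudo_user_kind VALUE: print how sudo will interpret one sudoUser value.
sudo_user_kind() {
  case "$1" in
    ALL)   echo "all" ;;          # every user
    '%#'*) echo "gid" ;;          # numeric Unix group ID (must precede '%'*)
    '%'*)  echo "unix-group" ;;   # Unix/NSS group name, e.g. %unix_group
    '+'*)  echo "netgroup" ;;     # NIS/LDAP netgroup, e.g. +unix_group
    '#'*)  echo "uid" ;;          # numeric Unix user ID
    *)     echo "user" ;;         # plain user name
  esac
}

# check_ldif_sudousers FILE: print "<value> <kind>" for each sudoUser attribute,
# so a '+' where a '%' was intended stands out as "netgroup".
check_ldif_sudousers() {
  sed -n 's/^sudoUser: *//p' "$1" | while IFS= read -r value; do
    printf '%s %s\n' "$value" "$(sudo_user_kind "$value")"
  done
}

# write_sample_ldif FILE: constructed sample with the same shape as the post's
# rule, but with the group referenced as %unix_group (assumed group name).
write_sample_ldif() {
  cat > "$1" <<'EOF'
dn: cn=test,ou=SUDOers,dc=domain,dc=local
objectClass: top
objectClass: sudoRole
cn: test
sudoUser: %unix_group
sudoHost: ALL
sudoRunAsUser: ALL
sudoCommand: ALL
sudoOption: !authenticate
EOF
}

# Stand-alone usage: lint the constructed file and show the two spellings.
ldif_file="${TMPDIR:-/tmp}/sudo-test-rule.ldif"   # assumed scratch path
write_sample_ldif "$ldif_file"
check_ldif_sudousers "$ldif_file"
printf '+unix_group -> %s\n' "$(sudo_user_kind '+unix_group')"
printf '%%unix_group -> %s\n' "$(sudo_user_kind '%unix_group')"
rm -f "$ldif_file"
```

For the group form to match, SSSD must be able to resolve the group and its members through its own identity provider (the `id_provider` of the same domain), and the sudo pieces must be wired up: `sudo_provider = ldap` in the `[domain/...]` section, `sudo` listed in `services` under `[sssd]`, and `sudoers: files sss` in `/etc/nsswitch.conf`. After editing the rule, clear the cached rules with `sss_cache -E` and check what sudo actually sees with `sudo -l -U <user>` on the client before retrying.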