#2256 Evaluate usage of sudo LDAP provider together with the AD provider
Closed: Fixed None Opened 6 years ago by sbose.

The sudo provider can currently only be 'none' or 'ldap'. If the sudo LDAP backend is used together with the AD id provider, we might face similar issues as were seen when using the LDAP access provider together with the AD provider.

E.g. since the default value for ldap_id_mapping is different in the LDAP and AD providers, SSSD will fail to start if 'id_provider = ad' and 'sudo_provider = ldap' but ldap_id_mapping is not set explicitly.

Additionally I assume that the sdap id context is initialized twice. This might be true when using the IPA provider as well.

Maybe we want to add 'sudo_provider = ad' so that it plays well with SSSD?

I agree that adding sudo_provider=ad is the best way, but we also should document the pitfalls of using sudo_provider=ldap in a man page (man sssd-sudo?) because that's what some users are already using.
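
The combination described in the report above can be caught before SSSD is restarted. The following is an added example, not code from the ticket or from SSSD: a small check that parses an sssd.conf-style file and lists domains that use 'id_provider = ad' with 'sudo_provider = ldap' while leaving ldap_id_mapping unset. The function name, the sample file and its domain names are constructed for illustration.

```python
import configparser

# Constructed sample sssd.conf for illustration; the domain names are made up.
SAMPLE_CONF = """
[sssd]
domains = broken.example, fixed.example, plain.example
services = nss, pam, sudo

[domain/broken.example]
id_provider = ad
sudo_provider = ldap

[domain/fixed.example]
id_provider = ad
sudo_provider = ldap
ldap_id_mapping = True

[domain/plain.example]
id_provider = ldap
sudo_provider = ldap
"""


def find_implicit_id_mapping(conf_text):
    """Return names of domains that combine 'id_provider = ad' with
    'sudo_provider = ldap' and leave ldap_id_mapping unset, so each
    provider falls back to its own (different) default."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    flagged = []
    for section in parser.sections():
        if not section.lower().startswith("domain/"):
            continue  # only [domain/NAME] sections carry provider options
        opts = parser[section]
        id_provider = opts.get("id_provider", "").strip().lower()
        sudo_provider = opts.get("sudo_provider", "").strip().lower()
        if (id_provider == "ad" and sudo_provider == "ldap"
                and "ldap_id_mapping" not in opts):
            flagged.append(section.split("/", 1)[1])
    return flagged


if __name__ == "__main__":
    for name in find_implicit_id_mapping(SAMPLE_CONF):
        print(f"{name}: set ldap_id_mapping explicitly "
              "(id_provider = ad with sudo_provider = ldap)")
```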

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.5
priority: major => critical

Fields changed

owner: somebody => sbose
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @sbose:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.11.5

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3298

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
