Extend schema for sudo support

  • Last Post 26 January 2016
AlLilianstrom posted this 25 January 2016

We have a request from our Linux admins to support the use of AD groups to control sudo usage. (https://www.sudo.ws/sudo.html) This requires extending the schema to add the attributes used by sudo.

Has anyone implemented this in AD? Any issues?

al

--
Al Lilianstrom
Group Leader - Authentication Services

Fermi National Accelerator Laboratory
www.fnal.gov
lilstrom@xxxxxxxxxxxxxxxx


moter posted this 25 January 2016

I'm also looking into this. If I get any time I'm going to try this in our test domain. It would be nice to hear about others' experiences.


Batz_10K posted this 26 January 2016

Hi Al, you might want to clarify with them exactly what they want - you don't need to extend the schema to use AD groups in the sudo configuration, only if you want to actually put the sudo rules into AD. (Presumably they want to do this to take advantage of AD replication to automatically distribute the sudoers rules to every machine that needs it.) IMHO it would be better to use the sudoers module of whatever configuration management system they use (e.g. puppet/chef/saltstack etc) and just use the AD groups as you would in Windows.

Cheers

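The approach suggested in the reply above, sketched as an added example that is not part of the thread: a Puppet class that grants sudo to an AD group through a local sudoers fragment, with no schema extension. The class name, file name and group name `linux-admins` are hypothetical, and it assumes the host already resolves AD groups through NSS (for example via SSSD or winbind) and that `/etc/sudoers` includes `/etc/sudoers.d`.

```puppet
# Added example: class name, file name and group name are hypothetical.
class profile::sudo_ad_admins (
  # AD group exactly as the host's NSS layer presents it (check with
  # `getent group`). Constructed value; names containing spaces or a
  # DOMAIN\ prefix need backslash-escaping in sudoers syntax.
  String $ad_group = 'linux-admins',
) {
  file { '/etc/sudoers.d/10-ad-linux-admins':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    # sudo ignores or rejects fragments with loose permissions.
    mode         => '0440',
    # Membership is managed in AD; the rule itself is managed here.
    content      => "%${ad_group} ALL=(ALL) ALL\n",
    # Refuse to install a fragment that visudo cannot parse, so a
    # syntax error never breaks sudo on the node.
    validate_cmd => '/usr/sbin/visudo -cf %',
  }
}
```

Narrowing the rule from `ALL=(ALL) ALL` to the specific commands the group needs keeps the AD group from becoming an implicit root-equivalent on every node that receives the class.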

AlLilianstrom posted this 26 January 2016

Hi Paul,

Thanks for the reply. We have a large puppet infrastructure so I'll check with the requester.

al

--
Al Lilianstrom
Group Leader - Authentication Services

Fermi National Accelerator Laboratory
www.fnal.gov
lilstrom@xxxxxxxxxxxxxxxx
