action #23746

Adding sudoers rules to active directory.

Added by flacco over 4 years ago. Updated 3 months ago.


As described in a "Linux Administrator Magazin" article, we should add support for providing sudo rules to Active Directory.



#1 Updated by flacco over 4 years ago

  • % Done changed from 0 to 20

Schema templates for sudo schema extension are ready and added to invis-setup package.

#2 Updated by flacco over 4 years ago

  • % Done changed from 20 to 30

I have added a base-node for sudo-rules to AD: CN=Sudo-Rules,CN=invis-Server,dc=invis-net,dc=loc, and an example ldif for adding new sudo rules to AD.

Next steps are:

  1. Writing a shell-script for adding new sudo-rules to AD
  2. Adding sudoers sssd configuration to invis-client package.

For Point 2: we have to extend the sssd.conf and the nsswitch.conf


services = nss, pam, sudo (in the global section)


New line:

sudoers: files sss
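
A check for the two client settings listed in this comment, as an added example that is not part of the ticket or of the invis-client package. It assumes the "global section" is the `[sssd]` section of sssd.conf; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a client for the two settings named in the ticket.
# Usual file locations: /etc/sssd/sssd.conf and /etc/nsswitch.conf.

# Succeeds if "services" in the [sssd] section lists "sudo".
# A services line in any other section, or a commented one, does not count.
sssd_has_sudo_service() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[sssd\][ \t]*$/); next }
        insec && /^[ \t]*services[ \t]*=/ {
            sub(/^[^=]*=/, "")                      # keep only the value
            n = split($0, svc, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", svc[i])
                if (svc[i] == "sudo") found = 1
            }
        }
        END { exit !found }
    ' "$1"
}

# Succeeds if the "sudoers:" database line lists the "sss" source.
nsswitch_sudoers_uses_sss() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "sudoers:" {
            for (i = 2; i <= NF; i++) if ($i == "sss") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Reports every missing setting; returns non-zero if any is missing.
audit_sudo_client() {
    rc=0
    sssd_has_sudo_service "$1" ||
        { echo "sssd.conf: sudo missing from [sssd] services" >&2; rc=1; }
    nsswitch_sudoers_uses_sss "$2" ||
        { echo "nsswitch.conf: sudoers does not use sss" >&2; rc=1; }
    return "$rc"
}

# Usage: script.sh /etc/sssd/sssd.conf /etc/nsswitch.conf
if [ "$#" -eq 2 ]; then audit_sudo_client "$1" "$2"; fi
```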

#3 Updated by flacco about 4 years ago

  • % Done changed from 30 to 50

A first version of a script called sudorule2ad is ready and now part of the invis-server setup. It's now possible to add sudo rules to AD.

Now we have to implement the client side. Server and Linux clients inside an invis-server AD domain must look for sudo rules in the AD.

#4 Updated by flacco about 4 years ago

  • Status changed from New to In Progress

#5 Updated by ingogoeppert about 4 years ago

  • Target version set to 13.1

#6 Updated by flacco almost 4 years ago

  • Due date deleted (2017-09-30)
  • Target version changed from 13.1 to Next

#7 Updated by ingogoeppert over 3 years ago

  • Project changed from invis-server to invisAD-setup
  • Category deleted (Developement)
  • Target version deleted (Next)

#8 Updated by flacco over 3 years ago

  • Target version set to Future

#9 Updated by ingogoeppert 4 months ago

  • Status changed from In Progress to Closed
  • Target version changed from Future to 14.2

First steps completed and available in 13.0; may eventually be replaced by the GPOs that are now available for Samba. If so, create a new ticket for that.

#10 Updated by ingogoeppert 3 months ago

  • % Done changed from 50 to 100
