Adding sudoers rules to active directory.
Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.
#2 Updated by flacco over 4 years ago
- % Done changed from 20 to 30
I have added a base-node for sudo-rules to AD: CN=Sudo-Rules,CN=invis-Server,dc=invis-net,dc=loc, and an example ldif for adding new sudo rules to AD.
Next steps are:
- Writing a shell-script for adding new sudo-rules to AD
- Adding sudoers sssd configuration to invis-client package.
For Point 2: we have to extend the sssd.conf and the nsswitch.conf
services = nss, pam, sudo (in the global section)
sudoers: files sss
#3 Updated by flacco over 4 years ago
- % Done changed from 30 to 50
A first version of a script called sudorule2ad is ready an now part of the invis-server setup. It's now possible to sudo rules to ad.
Now we have to implement the client-site. Server an linux-clients inside an invis-server AD domain must look for sudo rules in the AD.