How to configure SSSD to fetch sudo rules for local users from AD

Solution Verified - Updated -

Issue

At the moment, SSSD can only serve sudo rules stored in an LDAP server to domain users, not to local users. As seen here, a workaround has been proposed to solve this, using a separate proxy domain pointing to the LDAP entries.
Taking this one step further, the exact same approach can be used with the embedded LDAP of AD and SSSD, making this combination a valid solution as well.

Environment

Red Hat Enterprise Linux Server release 7.3 (Maipo)
sssd-1.14.0-43.el7_3.11.x86_64
AD 2008 R2 (with sudo schema extended)
