I have a Nethserver instance in my homelab running a test AD, which I like to imagine might some day form an example for the small IT consulting firm I work for to use in our supported sites with heterogeneous OS requirements, such as media/entertainment companies running Linux, Mac, and Windows workstations.
I think I understand what this is saying, which is effectively that as long as the schema is set up correctly in AD, simply dropping a correctly-formatted file to /etc/ldap.conf will enable sudo to check AD efficiently. I’m pretty sure I can figure my way through getting ldap.conf correct, but I have no idea what to do with the AD schema discussed here: “[The sudo schema] for Microsoft Active Directory (schema.ActiveDirectory) may be found in the sudo distribution.”
These guides are great! But they all appear to use the method of specifying a group in the sudoers file, which the article I linked to explicitly identifies as a less-desirable way of implementing sudoers permissions in a larger or distributed environment, or when you want to enable more subtle applications of sudo.
It’s also a good opportunity to learn about modifying AD schemas, and this is a wonderful community.
For performing general domain joins I have discovered that PBIS works well. This query is not about joining the domain, but about using sudoers.ldap to manage privilege escalation on *nix systems.
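To make concrete what the first post and this reply are asking about, here is an added example (not code from the original thread, Nethserver, or the sudo project) that emulates, offline, how sudo's LDAP backend evaluates `sudoRole` entries and sanity-checks the `/etc/ldap.conf` directives sudo reads. The attribute and directive names (`sudoers_base`, `sudoUser`, `sudoHost`, `sudoCommand`, `sudoRunAsUser`, `sudoOrder`, `sudoOption`) are the ones defined in the sudo schema shipped with the sudo distribution; the DNs, hostnames, users, and groups are constructed placeholders. Remember that on the client side `nsswitch.conf` also needs `sudoers: files ldap` for sudo to consult LDAP at all.

```python
"""Added example: offline emulation of sudoers.ldap role evaluation plus a
defender's check of the ldap.conf directives sudo depends on.

Assumptions: sudoRole attributes follow the sudo schema (schema.ActiveDirectory
for AD). All DNs, hosts, users, groups and passwords below are constructed.
Netgroup (+) and numeric uid (#) user specs are not modelled here.
"""

# Constructed /etc/ldap.conf fragment. Directive names are sudo's own;
# values are placeholders.
SAMPLE_LDAP_CONF = """\
uri ldaps://dc1.example.test
sudoers_base ou=sudoers,dc=example,dc=test
binddn cn=sudo-reader,ou=service,dc=example,dc=test
bindpw PLACEHOLDER_SERVICE_PASSWORD
tls_cacertfile /etc/ssl/certs/example-root-ca.pem
"""

# Constructed LDIF of sudoRole entries as they would sit under sudoers_base.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=sudoers,dc=example,dc=test
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: requiretty

dn: cn=media-ops,ou=sudoers,dc=example,dc=test
objectClass: top
objectClass: sudoRole
cn: media-ops
sudoUser: %media-ops
sudoHost: render01
sudoHost: render02
sudoCommand: /usr/bin/systemctl restart render-worker
sudoCommand: !/usr/bin/systemctl restart sshd
sudoRunAsUser: root
sudoOrder: 10

dn: cn=admins,ou=sudoers,dc=example,dc=test
objectClass: top
objectClass: sudoRole
cn: admins
sudoUser: alice
sudoHost: ALL
sudoCommand: ALL
sudoRunAsUser: ALL
sudoOrder: 20
"""


def parse_ldap_conf(text):
    """Parse 'directive value' lines into {directive: [values]}."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key.lower(), []).append(value.strip())
    return conf


def check_ldap_conf(conf):
    """Return findings a defender would want flagged before trusting the setup."""
    problems = []
    if "sudoers_base" not in conf:
        problems.append("sudoers_base missing: sudo will never query LDAP")
    uris = conf.get("uri", [])
    if not uris:
        problems.append("uri missing")
    elif not all(u.startswith("ldaps://") for u in uris) and \
            conf.get("ssl", [""])[0] not in ("start_tls", "yes", "on", "true"):
        problems.append("LDAP traffic is unencrypted: use ldaps:// or 'ssl start_tls'")
    return problems


def parse_ldif(text):
    """Minimal LDIF reader; returns only entries of objectClass sudoRole."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return [e for e in entries if "sudoRole" in e.get("objectClass", [])]


def _user_matches(spec, user, groups):
    if spec == "ALL":
        return True
    if spec.startswith("%"):          # %group means "member of this group"
        return spec[1:] in groups
    return spec == user


def can_sudo(roles, user, groups, host, command, runas="root"):
    """Emulate sudo's evaluation: roles are applied in ascending sudoOrder
    (higher values applied later, so they take precedence), and within a
    matching role the last matching sudoCommand wins, with a leading '!'
    denying the command. Returns True if the command would be permitted."""
    allowed = False
    for role in sorted(roles, key=lambda r: int(r.get("sudoOrder", ["0"])[0])):
        if role["cn"][0] == "defaults":   # defaults entry only carries sudoOption
            continue
        if not any(_user_matches(s, user, groups) for s in role.get("sudoUser", [])):
            continue
        if not any(s in ("ALL", host) for s in role.get("sudoHost", [])):
            continue
        runas_specs = role.get("sudoRunAsUser", ["root"])
        if "ALL" not in runas_specs and runas not in runas_specs:
            continue
        for spec in role.get("sudoCommand", []):
            negated = spec.startswith("!")
            target = spec[1:] if negated else spec
            if target in ("ALL", command):
                allowed = not negated
    return allowed


if __name__ == "__main__":
    print("ldap.conf findings:", check_ldap_conf(parse_ldap_conf(SAMPLE_LDAP_CONF)))
    roles = parse_ldif(SAMPLE_LDIF)
    print("bob restart render-worker on render01:",
          can_sudo(roles, "bob", {"media-ops"}, "render01",
                   "/usr/bin/systemctl restart render-worker"))
    print("bob restart sshd on render01:",
          can_sudo(roles, "bob", {"media-ops"}, "render01",
                   "/usr/bin/systemctl restart sshd"))
```

The point the evaluator makes is that a group-based `sudoRole` can be scoped per host and per command (and carry explicit denials) entirely in the directory, which is exactly the finer-grained control a plain `%group ALL=(ALL) ALL` line in `/etc/sudoers` does not give you; when testing a real deployment, `sudo -l` on a joined client shows what sudo actually resolved from LDAP.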