In my quest to implement sssd, my focus turned towards sudo. Centralizing the sudo rules to an LDAP server (or cluster) simplifies management of users and access. Rather than /etc/sudoers files on each machine, sudo can look in to LDAP for a specific user’s rules. The path of a query is: sudo command requested ->
After my previous efforts to migrate to sssd, it was discovered after a reboot that sssd and a tmpfs /var/log did not play well together. sssd has a couple of minor faults: If the default /var/log/sssd directory does not exist, sssd will not start It does not create the default /var/log/sssd directory if one does
Migrating to yet another interface to talk to your LDAP server sounds like a complete waste of time, and in some respects that is true. However, sssd will enable you to do so much more than nslcd/PADL could do for you without having that feeling that you just dirtied up your system with a terrible hack.