[Samba] Sudoers in Samba LDAP

Anton Shevtsov shevtsovay at basealt.ru
Fri Nov 24 08:30:13 UTC 2023


Hi,

I have a DC on Samba 4.17.12.

I want to store sudoers in LDAP and use sssd to get the rules from LDAP.

I configured sssd.conf:

[sssd]
config_file_version = 2
services = nss, pam, sudo
user = _sssd
domains = TEST.ALT

[nss]
[sudo]
[pam]

[domain/TEST.TLD]
dyndns_update = true
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
debug_level = 0
ad_gpo_ignore_unreadable = true
ad_gpo_access_control = permissive
ad_update_samba_machine_account_password = true
cache_credentials = false
sudo_provider = ad
ldap_sudo_search_base = ou=sudoers, dc=test, dc=tld

and nsswitch.conf:

...
sudoers: files sss
...

I created OU=sudoers,dc=test,dc=tld, but got stuck while creating sudo
entries such as

cn=username1,ou=sudoers,dc=test,dc=tld
cn=username2,ou=sudoers,dc=test,dc=tld

I read https://lists.samba.org/archive/samba/2016-April/199402.html ,
but I have sudoRole objectclass (I see it in ADSI on the Windows side. It
would be better without using Windows).
Also, I do not have *schema.ActiveDirectory* to import into Samba.

How can I add the sudoRole objectclass?


-- 
*Anton*

