This feature is really nice because there was often some discussion with customers regarding the former Two-way-trust (which was actually no real two-way-trust!!!). Here you can read more about new features in IPA in latest RHEL 7.2.
This is something I will test out during the next days. Read this Red Hat article to know how to realize this scenario.
This article describes very well above mentioned topic. Afterwards you should be able to manage sudo rules centrally in LDAP or Active Directory and access them through sssd for example. Have fun while reading.
In principle, a central Linux / UNIX user authentication should be provided for every user. Basically you will find Microsoft`s Active Directory as single point of truth in customer environments regarding identity management (IdM). Unfortunately a lot of requirements within the Linux / UNIX world are not met by Active Directory like
- Central sudo definitions
- Central host-based-access (actually for Red Hat systems only)
- Central unique user and group ID management