URL:
https://github.com/SSSD/sssd/pull/544
Author: jhrozek
Title: #544: IPA: Qualify the externalUser sudo attribute
Action: opened
PR body:
"""
We broke the externalUser support with the introduction of the fully
qualified attributes, because the provider was saving the data verbatim,
but the sudo responder expects a fully qualified name.
Reproducer:
on the server:
ipa sudocmd-add --desc='For reading log files' /usr/bin/less
ipa sudorule-add readfiles
ipa sudorule-add-user --users=lcluser
ipa sudorule-mod --hostcat=all readfiles
then on the client:
configure sssd with:
id_provider = files
sudo_provider = ipa
ipa_domain = ipa.test
run:
sudo useradd lcluser
sudo passwd lcluser
su - lcluser
sudo -l
"""
To pull the PR as Git branch:
git remote add ghsssd
https://github.com/SSSD/sssd
git fetch ghsssd pull/544/head:pr544
git checkout pr544