On 09 Jul 2014, at 20:00, Rich Megginson rmeggins@redhat.com wrote:
re: https://lists.fedorahosted.org/pipermail/sssd-users/2014-July/001891.html
<snip> > OK, I take back all that I said over on the samba list, sssd does not > pull the sudo rules from AD > > I have just spent two hours trying to get sssd to get the sudo rules > from AD on my netbook that I have just installed Linux Mint mate 17 on, > to no effect. > > after upping sssd debug to 9, I found this search in sssd_example.com.log: > > (&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=netbook)(sudoHost=netbook.example.com)(sudoHost=192.168.0.229)(sudoHost=192.168.0.0/24)(sudoHost=fe80::1e4b:d6ff:fec0:e307)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*?*)(sudoHost=*\**)(sudoHost=*[*]*)))) > > If I try to search with this via ldbsearch, it does not work, all I get > is this: > > allocating request failed: Unable to parse search expression > > If I remove one small part, it does work and displays the sudo roles > > So, what does this do? > > (sudoHost=*\**)
I'm not sure what this search is supposed to do. What is the intention of this? If it is to search for any sudoHost value with a literal asterisk "*" character in it, then the search filter syntax is wrong. According to http://tools.ietf.org/html/rfc4515, if you want to use a "*" in a search filter, it must be escaped like this: \2A, so the search filter would be (sudoHost=*\2A*)
Thanks for chiming in, Rich.
Pavel, can you inspect the code and file a ticket if we have a bug?
because I can only get the search to work without it
Rowland
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users