On 13 October 2017 at 19:28, Asif Iqbal wrote:
> Hi All
> I have this in sssd.conf
> debug_level = 0x3ff0
> debug_level = 0x02F0
> sudo_provider = ldap
> ldap_sudo_search_base = ou=People,dc=mnet,dc=qintra,dc=com
> ldap_sudorule_object_class = mnetperson
> user can login OK with ldap, but sudo is failing
> I see that it is doing an ldapsearch like this in the sssd_sudo.log
> (Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_
> (0x0200): Searching sysdb with
> sudoUser=ALL)(sudoUser=iqbala) (sudoUser=#408462)(sudoUser=% iqbala)(sudoUser=+*)))]
> (Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_
> (0x0400): Returning 0 rules for [iqbala@LDAP]
> It would have worked if search were like this
> sudoUser=ALL)(name=defaults)( uid=iqbala)(sudoUser=#408462)( sudoUser=%iqbala)(sudoUser=+*) ))
> How do I change the config to search like above?

The search it's doing is to retrieve sudo rule objects from the
directory, as defined in e.g.
Each LDAP object is equivalent to a line in a sudoers file.
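
Added example (not part of the original thread and not SSSD code): the reply's point that each sudo rule object in LDAP corresponds to a sudoers line, shown by rendering constructed `sudoRole` entries as sudoers text. The LDIF, the `dc=example,dc=com` DNs and the helper names `parse_ldif` and `to_sudoers` are assumptions made for the illustration; note that the person entry yields no rule.

```python
# Added illustration: render sudoRole LDAP entries as sudoers lines.
# SAMPLE_LDIF is constructed sample data; all DNs in it are hypothetical.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: defaults
sudoOption: env_reset

dn: cn=admins-all,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: admins-all
sudoUser: %admins
sudoUser: iqbala
sudoHost: ALL
sudoRunAsUser: root
sudoCommand: /usr/bin/systemctl

dn: uid=iqbala,ou=People,dc=example,dc=com
objectClass: person
uid: iqbala
"""

def parse_ldif(text):
    """Split simple (unfolded, non-base64) LDIF into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def to_sudoers(entries):
    """Return sudoers lines for sudoRole entries; other object classes carry no rules."""
    lines = []
    for e in entries:
        if "sudoRole" not in e.get("objectclass", []):
            continue  # e.g. a person entry: it has no sudoUser/sudoCommand to use
        if e["cn"] == ["defaults"]:
            # cn=defaults holds global options, like "Defaults" lines in sudoers
            lines += [f"Defaults {opt}" for opt in e.get("sudooption", [])]
            continue
        runas = ",".join(e.get("sudorunasuser", ["root"]))  # simplification: root if unset
        lines.append("{} {} = ({}) {}".format(
            ",".join(e["sudouser"]), ",".join(e["sudohost"]),
            runas, ", ".join(e["sudocommand"])))
    return lines

if __name__ == "__main__":
    print("\n".join(to_sudoers(parse_ldif(SAMPLE_LDIF))))
```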