My ldap_sudo_search_base path ends with “?onelevel?”; since it’s a search base, you have to
give it a scope. It's working fine for us.
From: John Beranek<mailto:firstname.lastname@example.org>
Sent: Friday, October 13, 2017 4:07 PM
To: End-user discussions about the System Security Services
Subject: [SSSD-users] Re: sudo does not work with SSSD
On 13 October 2017 at 19:28, Asif Iqbal wrote:
I have this in sssd.conf
debug_level = 0x3ff0
debug_level = 0x02F0
sudo_provider = ldap
ldap_sudo_search_base = ou=People,dc=mnet,dc=qintra,dc=com
ldap_sudorule_object_class = mnetperson
User can log in OK with LDAP, but sudo is failing.
I see that it is doing an ldapsearch like this in the sssd_sudo.log
(Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache]
(0x0200): Searching sysdb with
(Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache]
(0x0400): Returning 0 rules for [iqbala@LDAP]
It would have worked if search were like this
How do I change the config to search like above?
The search it's doing is to retrieve sudo rule objects from the
directory, as defined in e.g.
Each LDAP object is equivalent to a line in a sudoers file.
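
Added example, not part of the original thread and not SSSD's own code: a small parser for the search-base syntax that sssd-ldap(5) documents as search_base[?scope?[filter][?search_base?scope?[filter]]*], which is the form the "?onelevel?" suffix mentioned above belongs to. The ou=SUDOers,dc=example,dc=com DN is a constructed sample, and the parser assumes DNs and filters contain no literal "?".

```python
# Added example: parse an SSSD ldap_*_search_base value into its parts.
# Syntax per sssd-ldap(5): search_base[?scope?[filter][?search_base?scope?[filter]]*]
VALID_SCOPES = {"base", "onelevel", "subtree"}


def parse_search_base(value):
    """Return a list of (base_dn, scope, filter) triples.

    A bare DN is treated as a subtree search with no filter.
    Assumption: neither the DN nor the filter contains a literal '?'.
    """
    parts = value.strip().split("?")
    if len(parts) == 1:
        if not parts[0]:
            raise ValueError("empty search base")
        return [(parts[0], "subtree", None)]
    # With a scope present, fields come in groups of three: base, scope, filter.
    if len(parts) % 3 != 0:
        raise ValueError("expected base?scope?filter groups in %r" % value)
    triples = []
    for i in range(0, len(parts), 3):
        base, scope, flt = (p.strip() for p in parts[i:i + 3])
        if not base:
            raise ValueError("missing base DN in %r" % value)
        if scope.lower() not in VALID_SCOPES:
            raise ValueError("invalid scope %r" % scope)
        triples.append((base, scope.lower(), flt or None))
    return triples


if __name__ == "__main__":
    # Constructed sample values; only the second DN appears in the thread.
    for sample in (
        "ou=SUDOers,dc=example,dc=com?onelevel?",
        "ou=People,dc=mnet,dc=qintra,dc=com",
    ):
        print(sample, "->", parse_search_base(sample))
```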