>This is what I see when I manually add the ipaSudoRule entry to my test
> dn: cn=devel,cn=sudoers,dc=example,dc=com
> objectClass: sudoRole
> sudoUser: %ops
> sudoHost: auth4.ops.expertcity.com
> sudoCommand: /usr/bin/less
> cn: devel
>That's assuming the group and host entries you're using are still the
>same as the sample ones from a while back, of course.
>In the currently proposed configuration, the expansion of memberHost
>attribute values depends on functionality that's new in slapi-nis 0.20
>and later. Which version are you using?
After a refresh:
I can confirm that I also have the same info as you.
I guess the piece that is still missing then is:
It should be:
sudoHost: +production <- which is the group assigned to the ipasudorule.
Freeipa-devel mailing list