Can you confirm that you have sudoer_debug set to 2?
If I gather correctly, this is on RHEL 6.3? What version of sudo?
I'm seeing different output. Mine includes the number of candidate
results for sudoUser are found.
If you watch /var/log/dirsrv/slapd-REALM/access on your IPA server
you'll be able to see the LDAP searches the sudo client is making. The
log is buffered so you won't see them immediately. Can you send us the
queries that are being made?
Freeipa-users mailing list