Hi All,

I have this in sssd.conf:

    [sudo]
    debug_level = 0x3ff0

    [domain/LDAP]
    debug_level = 0x02F0
    ...
    sudo_provider = ldap
    ldap_sudo_search_base = ou=People,dc=mnet,dc=qintra,dc=com
    ldap_sudorule_object_class = mnetperson

Users can log in OK with LDAP, but sudo is failing.

I see that it is doing an ldapsearch like this in the sssd_sudo.log:

    (Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=iqbala)(sudoUser=#408462)(sudoUser=%iqbala)(sudoUser=+*)))]
    (Fri Oct 13 18:08:10 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for [iqbala@LDAP]

It would have worked if the search were like this:

    (&(objectClass=mnetperson)(|(sudoUser=ALL)(name=defaults)(uid=iqbala)(sudoUser=#408462)(sudoUser=%iqbala)(sudoUser=+*)))

How do I change the config to search like the above? Essentially all I need is

    (&(objectClass=mnetperson)(uid=iqbala))

and maybe I will add more attributes if I want other groups to be able to sudo.

Also, how do I map this to the sudo command that a user can run?

Appreciate the help!

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?