URL: https://github.com/SSSD/sssd/pull/39
Title: #39: RESPONDER: Enable sudoRule in case insen. domains (1.13)

celestian commented:
"""
Yes, the second patch explicitly qualifies the names. I don't know if there is 
a possibility of adding the wrong domain to the given user name this way. That's the 
question.

The reason for doing this is that the function ```sudosrv_get_user()``` asks for 
that type of name. As you can see:
```
# grep 'administrator' *.log

# sssd_scorpion.domain.log:
[be_get_account_info] (0x0200): Got request for 
[0x3][BE_REQ_INITGROUPS][1][name=administrator]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(sAMAccountName=administrator)(objectclass=user)(objectSID=*))][DC=scorpion,DC=domain].
[pam_print_data] (0x0100): ruser: administrator@scorpion.domain
[sssd[be[scorpion.domain]]] [pam_print_data] (0x0100): ruser: 
administrator@scorpion.domain

# sssd_sudo.log:
[sss_parse_name_for_domains] (0x0200): name 'administrator@scorpion.domain' 
matched expression for domain 'scorpion.domain', user is administrator
[sss_parse_name_for_domains] (0x0200): name 'administrator@scorpion.domain' 
matched expression for domain 'scorpion.domain', user is administrator
[sudosrv_cmd_parse_query_done] (0x0200): Requesting default options for 
[administrator] from [scorpion.domain]
[sss_ncache_check_str] (0x2000): Checking negative cache for 
[NCE/USER/scorpion.domain/administrator]
[sudosrv_get_user] (0x0200): Requesting info about 
[administrator@scorpion.domain]
[sudosrv_get_user] (0x0400): Returning info for user 
[administrator@scorpion.domain]
[sss_parse_name_for_domains] (0x0200): name 'administrator@scorpion.domain' 
matched expression for domain 'scorpion.domain', user is administrator
[sss_parse_name_for_domains] (0x0200): name 'administrator@scorpion.domain' 
matched expression for domain 'scorpion.domain', user is administrator
[sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for [administrator] 
from [scorpion.domain]
[sss_ncache_check_str] (0x2000): Checking negative cache for 
[NCE/USER/scorpion.domain/administrator]
[sudosrv_get_user] (0x0200): Requesting info about 
[administrator@scorpion.domain]
[sudosrv_get_user] (0x0400): Returning info for user 
[administrator@scorpion.domain]
[sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for 
[administrator@scorpion.domain]
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/39#issuecomment-259131495