On 09 Jul 2014, at 20:00, Rich Megginson <[email protected]> wrote:
> re: https://lists.fedorahosted.org/pipermail/sssd-users/2014-July/001891.html
> <snip>
>> OK, I take back all that I said over on the samba list, sssd does not
>> pull the sudo rules from AD
>>
>> I have just spent two hours trying to get sssd to get the sudo rules
>> from AD on my netbook that I have just installed Linux Mint mate 17 on,
>> to no effect.
>>
>> after upping sssd debug to 9, I found this search in sssd_example.com.log:
>>
>> (&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=netbook)(sudoHost=netbook.example.com)(sudoHost=192.168.0.229)(sudoHost=192.168.0.0/24)(sudoHost=fe80::1e4b:d6ff:fec0:e307)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*?*)(sudoHost=*\**)(sudoHost=*[*]*))))
>>
>> If I try to search with this via ldbsearch, it does not work, all I get
>> is this:
>>
>> allocating request failed: Unable to parse search expression
>>
>> If I remove one small part, it does work and displays the sudo roles
>>
>> So, what does this do?
>>
>> (sudoHost=*\**)
>
> I'm not sure what this search is supposed to do. What is the intention of
> this? If it is to search for any sudoHost value with a literal asterisk "*"
> character in it, then the search filter syntax is wrong. According to
> http://tools.ietf.org/html/rfc4515, if you want to use a "*" in a search
> filter, it must be escaped like this: \2A, so the search filter would be
> (sudoHost=*\2A*)
>

Thanks for chiming in, Rich. Pavel, can you inspect the code and file a ticket if we have a bug?

>>
>> because I can only get the search to work without it
>>
>> Rowland
>
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
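
The RFC 4515 escaping rule Rich cites, as an added example that is not part of the thread and is not SSSD code: it hex-escapes an assertion value and flags any backslash in a filter that is not followed by two hex digits. The function names are illustrative, and the sample sub-filter is copied from the logged search quoted above.

```python
import re

# RFC 4515 section 3: these characters may appear in an assertion value
# only as a backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5C", "*": r"\2A", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# A backslash that does not start a valid two-hex-digit escape.
_BAD_ESCAPE = re.compile(r"\\(?![0-9A-Fa-f]{2})")


def escape_filter_value(value):
    """Return value with the RFC 4515 special characters hex-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def contains_filter(attr, literal):
    """Build a substring filter matching values that contain literal."""
    return "(%s=*%s*)" % (attr, escape_filter_value(literal))


def find_bad_escapes(ldap_filter):
    """List (offset, text) for each backslash not followed by two hex digits."""
    return [(m.start(), ldap_filter[m.start():m.start() + 2])
            for m in _BAD_ESCAPE.finditer(ldap_filter)]


# Sub-filter copied from the logged search quoted in the thread.
LOGGED = r"(|(sudoHost=*?*)(sudoHost=*\**)(sudoHost=*[*]*))"

if __name__ == "__main__":
    for offset, text in find_bad_escapes(LOGGED):
        print("invalid escape %r at offset %d" % (text, offset))
    fixed = contains_filter("sudoHost", "*")
    print("literal asterisk match:", fixed)
    print("invalid escapes after fix:", find_bad_escapes(fixed))
```
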
