I fixed it. Here’s more from the sssd_domain log. A single line revealed the issue. When storing the DevTest rule it said a value is provided more than once. When I looked at the entry in AD, the attribute sudoUser had the same group entered twice. Once as %GS-Technology, once as %gs-technology.
I’m guessing someone was thinking that the group lookup was case sensitive and entered it both ways to rule that out. Ends up breaking the storing of the rules and it seems if one rule fails to be stored, they all are. Not necessarily the best thing to do maybe? (Thu Apr 5 13:30:44 2018) [sssd[be[internal.ieeeglobalspec.com]]] [sysdb_store_custom] (0x0020): Failed to store custom entry: Attribute or value exists(20)[attribute 'sudoUser': value #5 on 'name=DevTest,cn=sudorules,cn=custom,cn=internal.ieeeglobalspec.com,cn=sysdb' provided more than once] Thanks! Max _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
