This was asked in the SUDO-users mailing list today.

It seemed like something important to cover in here as well.

From: <curtis.ctr.r...@faa.gov>
Subject: [sudo-users] objectClass=sudoRule vs objectClass=sudoRole in AD
Date: October 11, 2013 5:53:44 AM PDT
To: <sudo-us...@sudo.ws>

How does the query for sudo rules in AD even work when the debug shows a
query such as:

(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=test.user)(sudoUser=#1215014110)(sudoUser=%test_rmm_linux_users)(sudoUser=%Domain Users)(sudoUser=%Domain Users)(sudoUser=+*)))

If I execute this on the command line using ldapsearch I get no results.

If I change objectClass to objectClass=sudoRole in the same search,
ldapsearch works perfectly.

I created the sudoers ou and objects using the guidance in the sudoers
documentation on sudo.ws.

Thanks for the insight.

Curtis Roze
____________________________________________________________
sudo-users mailing list <sudo-us...@sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
