On Thu, Apr 17, 2014 at 02:22:18PM +0200, Michael Ströder wrote: > On Thu, 17 Apr 2014 12:44:57 +0200 "Michael Ströder" <[email protected]> > wrote > > I can see substring filters like this in my LDAP logs: > > > > [..] (|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*)))) > > > > (stripped the lenghty filter) > > > > Is this sssd asking for sudoRole entries? > > Hmm, clarified with the sysadmin to use: > > ldap_sudo_use_host_filter = false > > IMHO this should be the default because substring searches like above are > really stupid. > > Ciao, Michael.
Did you sanitize the filter before sending it to the list? I would have expected the filter to include your machine's host name.. And no, it's not stupid, the intent is to download only rules that apply to the particular machine. _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
