You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1138255
Description of problem:
sssd doesn't support time format without minutes and seconds in sudo entries
(sudoNotBefore and sudoNotAfter).
Minutes and seconds portions are optional according to sudoers.ldap man page.
It says:
he minute and seconds portions are optional, but some LDAP servers require that
they be present (contrary to the RFC).
dn: cn=rule_allow,ou=Sudoers,dc=my-domain,dc=com
objectClass: top
objectClass: sudoRole
cn: rule_allow
sudoHost: ALL
sudoUser: userallowed
sudoCommand: ALL
sudoNotBefore: 2014090309Z
[test]date -u
Thu Sep 4 09:27:38 UTC 2014
[test]su - userallowed -c 'sudo true'
su: warning: cannot change directory to /home/userallowed: No such file or
directory
userallowed is not allowed to run sudo on rhel7. This incident will be
reported.
/var/log/sssd/sssd_sudo.log contains 'Invalid time format in rule
[rule_allow]!'
Version-Release number of selected component (if applicable):
sssd-1.11.2-65.el7
sudo-1.8.6p7-11.el7
How reproducible:
always
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
We decided we woulnd't implement this RFE because it was opened for more than 2 years without a patch being submitted or anyone being really interested in contributing a patch. Closing.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2432
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1138255
Comments
Comment from jhrozek at 2014-09-05 10:37:30
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1138555 (Red Hat Enterprise Linux 6)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1138255 1138255] => [https://bugzilla.redhat.com/show_bug.cgi?id=1138255 1138255], [https://bugzilla.redhat.com/show_bug.cgi?id=1138555 1138555]
Comment from jhrozek at 2014-09-16 10:52:13
Fields changed
blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.15 beta
review: True => 0
selected: =>
testsupdated: => 0
Comment from jhrozek at 2016-11-25 10:25:45
I would just close this as wontfix.
mark: => 0
review: 0 => 1
selected: => Not need
sensitive: => 0
Comment from jhrozek at 2016-12-05 15:27:20
We decided we woulnd't implement this RFE because it was opened for more than 2 years without a patch being submitted or anyone being really interested in contributing a patch. Closing.
resolution: => wontfix
status: new => closed
Comment from jhrozek at 2017-02-24 14:56:13
Metadata Update from @jhrozek:
The text was updated successfully, but these errors were encountered: