SSSD Sudo not applying cn=defaults #6591
Comments
A small update: I have compiled SSSD 2.8.2 from source and the behaviour is still the same.
A minor bump to get some attention on this issue. Can anybody provide some input on how to troubleshoot this?
Hi, @sveldhuisen, could you please show the definition of your 'defaults' rules? @pbrezina, is it normal that the 'defaults' rule is missing 'sudoCommand'/'sudoHost'?
Hi alexey, Here you go (LDIF, currently without sudoUser configured):
Hi Team, Any update regarding this issue? If you need more information please let me know.
Yes. This is a special rule that represents "Defaults" section in sudoers.
I couldn't reproduce it, can you please share full sssd_sudo.log file? I am especially interested in the search filter used to retrieve defaults rule. This is what I got:
Thanks for the effort. Let me retest it, but I'm pretty sure that my log did not contain any reference to "sudosrv_query_cache".
You can bump the debug level prior to testing if needed, for example with
No feedback, candidate to close.
sudo listing on CLI:
I'm using SSSD with sudo from LDAP through NSS (not sudo-ldap). My SSSD version is 2.5.2 (SLES 15 SP4). My LDAP backend is eDirectory 9.2.7.
After a day of troubleshooting I came to the conclusion that SSSD is not retrieving/applying my sudo defaults from LDAP.
sssd.conf
nsswitch.conf
sudoers: sss
Initially SSSD did not retrieve my sudo defaults at all:
sssd_sudo.log
After reading #5108 I have added sudoUser=ALL and that resulted in the retrieval of the sudo defaults (regression bug as this was fixed in SSSD 2.2.1?)
sssd_sudo.log
However the sudo defaults are still not being applied:
sudo -ll -U testuser
The retrieval from LDAP seems to be working fine.
SSSD domain LDAP log