On 09 Jul 2014, at 20:00, Rich Megginson <rmeggins(a)redhat.com> wrote:
> re:
https://lists.fedorahosted.org/pipermail/sssd-users/2014-July/001891.html
> <snip>
>> OK, I take back all that I said over on the samba list, sssd does not
>> pull the sudo rules from AD
>>
>> I have just spent two hours trying to get sssd to get the sudo rules
>> from AD on my netbook that I have just installed Linux Mint mate 17 on,
>> to no effect.
>>
>> after upping sssd debug to 9, I found this search in sssd_example.com.log:
>>
>>
(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=netbook)(sudoHost=netbook.example.com)(sudoHost=192.168.0.229)(sudoHost=192.168.0.0/24)(sudoHost=fe80::1e4b:d6ff:fec0:e307)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*?*)(sudoHost=*\**)(sudoHost=*[*]*))))
>>
>> If I try to search with this via ldbsearch, it does not work, all I get
>> is this:
>>
>> allocating request failed: Unable to parse search expression
>>
>> If I remove one small part, it does work and displays the sudo roles
>>
>> So, what does this do?
>>
>> (sudoHost=*\**)
>
> I'm not sure what this search is supposed to do. What is the intention of this?
If it is to search for any sudoHost value with a literal asterisk "*" character
in it, then the search filter syntax is wrong. According to
http://tools.ietf.org/html/rfc4515, if you want to use a "*" in a search filter,
it must be escaped like this: \2A, so the search filter would be (sudoHost=*\2A*)
>
Thanks for chiming in, Rich.
Pavel, can you inspect the code and file a ticket if we have a bug?
Hi,
the search is supposed to find all rules containing a wildcard in
sudoHost attribute. Thanks for correcting the filter.
I filed:
In the mean time, if you don't use wildcards you can disable the filter
with: ldap_sudo_include_regexp = false in domain section of your sssd.conf.
>>
>> because I can only get the search to work without it
>>
>> Rowland
>
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/sssd-users