On 09 Jul 2014, at 20:00, Rich Megginson <rmeggins(a)redhat.com> wrote:
> re: https://lists.fedorahosted.org/pipermail/sssd-users/2014-July/001891.html
>> OK, I take back all that I said over on the samba list, sssd does not
>> pull the sudo rules from AD
>> I have just spent two hours trying to get sssd to get the sudo rules
>> from AD on my netbook that I have just installed Linux Mint mate 17 on,
>> to no effect.
>> after upping sssd debug to 9, I found this search in sssd_example.com.log:
>> If I try to search with this via ldbsearch, it does not work, all I get
>> is this:
>> allocating request failed: Unable to parse search expression
>> If I remove one small part, it does work and displays the sudo roles
>> So, what does this do?
> I'm not sure what this search is supposed to do. What is the intention of this?
> If it is to search for any sudoHost value with a literal asterisk "*" character
> in it, then the search filter syntax is wrong. According to
> , if you want to use a "*" in a search filter,
> it must be escaped like this: \2A, so the search filter would be (sudoHost=*\2A*)
Thanks for chiming in, Rich.
Pavel, can you inspect the code and file a ticket if we have a bug?
The search is supposed to find all rules containing a wildcard in
the sudoHost attribute. Thanks for correcting the filter.
In the meantime, if you don't use wildcards you can disable the filter
with: ldap_sudo_include_regexp = false in the domain section of your sssd.conf.
>> because I can only get the search to work without it
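
Added example, not part of the original thread and not SSSD's code: a small C routine that escapes a literal value for an LDAP search filter in the RFC 4515 style, producing the corrected (sudoHost=*\2A*) filter discussed above. The function names are hypothetical, and the attribute name is assumed to be a trusted constant.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not SSSD code): escape a literal value for use inside an
 * LDAP search filter, RFC 4515 style. The characters '*', '(', ')', '\'
 * and NUL are written as a backslash followed by two hex digits.
 * Returns the escaped length, or -1 if the output buffer is too small. */
int ldap_filter_escape(const char *in, size_t in_len, char *out, size_t out_sz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0);
        size_t need = special ? 3 : 1;
        if (o + need >= out_sz)   /* keep room for the terminating NUL */
            return -1;
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build (attr=*<escaped literal>*): a substring match on a literal value.
 * Assumption: attr is a trusted constant, so only the value is escaped. */
int build_contains_filter(const char *attr, const char *literal,
                          char *out, size_t out_sz)
{
    char esc[256];
    if (ldap_filter_escape(literal, strlen(literal), esc, sizeof(esc)) < 0)
        return -1;
    int n = snprintf(out, out_sz, "(%s=*%s*)", attr, esc);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : n;
}

int main(void)
{
    char f[512];
    if (build_contains_filter("sudoHost", "*", f, sizeof(f)) > 0)
        puts(f);   /* (sudoHost=*\2A*) */
    return 0;
}
```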