The debug is set to 7.
I don't post now the sudo_debug.log because it's very long. If it could be useful I can try to post it also later.
==> sssd_sudo.log <==
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'MYUSER' matched without domain, user is MYUSER
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'MYUSER' matched without domain, user is MYUSER
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting default options for [MYUSER] from [<ALL>]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [
MYUSER@MYDOMAIN.COM]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [
MYUSER@MYDOMAIN.COM]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving default options for [MYUSER] from [
MYDOMAIN.COM]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=MYUSER)(sudoUser=#1126)(sudoUser=%SystemAdmin)(sudoUser=%MYUSER)(sudoUser=+*))(&(dataExpireTimestamp<=1510329679)))]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(name=defaults)))]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 0 rules for [<default options>@
MYDOMAIN.COM]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'MYUSER' matched without domain, user is MYUSER
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sss_parse_name_for_domains] (0x0200): name 'MYUSER' matched without domain, user is MYUSER
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_cmd_parse_query_done] (0x0200): Requesting rules for [MYUSER] from [<ALL>]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0200): Requesting info about [
MYUSER@MYDOMAIN.COM]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [
MYUSER@MYDOMAIN.COM]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [MYUSER] from [
MYDOMAIN.COM]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=MYUSER)(sudoUser=#1126)(sudoUser=%SystemAdmin)(sudoUser=%MYUSER)(sudoUser=+*))(&(dataExpireTimestamp<=1510329679)))]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=MYUSER)(sudoUser=#1126)(sudoUser=%SystemAdmin)(sudoUser=%MYUSER)(sudoUser=+*)))]
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Fri Nov 10 17:01:19 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [
MYUSER@MYDOMAIN.COM]
==> sssd_MYDOMAIN.COM.log <==
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_get_account_info] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][1][name=MYUSER]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_req_set_domain] (0x0400): Changing request domain from [
MYDOMAIN.COM] to [
MYDOMAIN.COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_initgr_next_base] (0x0400): Searching for users with base [dc=MYDOMAIN,dc=COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=MYUSER)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][dc=MYDOMAIN,dc=COM].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPasswordExpiration]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginExpirationTime]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginAllowedTimeMap]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [sshPublicKey]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_parse_entry] (0x1000): OriginalDN: [uid=MYUSER,ou=people,dc=MYDOMAIN,dc=COM].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_save_user] (0x0400): Save user
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_attrs_get_sid_str] (0x1000): No [objectSID] attribute. [0][Success]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_primary_name] (0x0400): Processing object MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_save_user] (0x0400): Processing user MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_save_user] (0x0400): Original memberOf is not available for [MYUSER].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_save_user] (0x0400): User principal is not available for [MYUSER].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_save_user] (0x0400): Storing info for user MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_initgr_rfc2307_next_base] (0x0400): Searching for groups with base [dc=MYDOMAIN,dc=COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(memberuid=MYUSER)(objectClass=posixGroup)(cn=*)(&(gidNumber=*)(!(gidNumber=0))))][dc=MYDOMAIN,dc=COM].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_parse_entry] (0x1000): OriginalDN: [cn=SystemAdmin,ou=groups,dc=MYDOMAIN,dc=COM].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_initgr_done] (0x0400): Primary group already cached, nothing to do.
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_req_set_domain] (0x0400): Changing request domain from [
MYDOMAIN.COM] to [
MYDOMAIN.COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler] (0x0100): Got request with the following data
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): domain:
MYDOMAIN.COM(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): user: MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): service: sudo
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): tty: /dev/pts/4
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): ruser: MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): rhost:
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): authtok type: 1
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): newauthtok type: 0
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): priv: 0
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): cli_pid: 30273
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): logon name: not set
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [get_server_status] (0x1000): Status of server 'LDAPSERVER' is 'working'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [get_port_status] (0x1000): Port status of port 389 for server 'LDAPSERVER' is 'working'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [get_server_status] (0x1000): Status of server 'LDAPSERVER' is 'working'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_resolve_server_process] (0x1000): Saving the first resolved server
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_resolve_server_process] (0x0200): Found address for server LDAPSERVER: [XXX.XXX.XXX.XXX] TTL 2994
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_uri_callback] (0x0400): Constructed uri 'ldap://LDAPSERVER'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_ldap_connect_callback_add] (0x1000): New LDAP connection to [ldap://LDAPSERVER:389/??base] with fd [24].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_sys_connect_done] (0x0100): Executing START TLS
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_connect_done] (0x0080): START TLS result: Success(0), (null)
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'LDAPSERVER' as 'working'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [set_server_common_status] (0x0100): Marking server 'LDAPSERVER' as 'working'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'LDAPSERVER' as 'working'
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [simple_bind_send] (0x0100): Executing simple bind as: uid=MYUSER,ou=people,dc=MYDOMAIN,dc=COM
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [simple_bind_done] (0x1000): Password Policy Response: expire [-1] grace [-1] error [No error].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [simple_bind_done] (0x0400): Bind result: Success(0), no errmsg set
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_pam_auth_done] (0x0100): Password successfully cached for MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler_callback] (0x0100): Sending result [0][
MYDOMAIN.COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler_callback] (0x0100): Sent result [0][
MYDOMAIN.COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_req_set_domain] (0x0400): Changing request domain from [
MYDOMAIN.COM] to [
MYDOMAIN.COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler] (0x0100): Got request with the following data
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): domain:
MYDOMAIN.COM(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): user: MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): service: sudo
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): tty: /dev/pts/4
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): ruser: MYUSER
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): rhost:
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): authtok type: 0
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): newauthtok type: 0
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): priv: 0
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): cli_pid: 30273
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [pam_print_data] (0x0100): logon name: not set
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_access_send] (0x0400): Performing access check for user [MYUSER]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_access_filter_send] (0x0400): Performing access filter check for user [MYUSER]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_access_filter_send] (0x0400): Checking filter against LDAP
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(uid=MYUSER)(objectclass=posixAccount)(uidNumber=*))][uid=MYUSER,ou=people,dc=MYDOMAIN,dc=COM].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_parse_entry] (0x1000): OriginalDN: [uid=MYUSER,ou=people,dc=MYDOMAIN,dc=COM].
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [sdap_access_filter_done] (0x0400): Access granted by online lookup
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler_callback] (0x0400): SELinux provider doesn't exist, not sending the request to it.
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler_callback] (0x0100): Sending result [0][
MYDOMAIN.COM]
(Fri Nov 10 17:01:22 2017) [sssd[be[
MYDOMAIN.COM]]] [be_pam_handler_callback] (0x0100): Sent result [0][
MYDOMAIN.COM]
==> sssd_sudo.log <==
(Fri Nov 10 17:01:22 2017) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!
There is this line: [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [
There is also this line: [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=MYUSER)(sudoUser=#1126)(sudoUser=%SystemAdmin)(sudoUser=%MYUSER)(sudoUser=+*)))]