Excellent! That's the fix I was looking for... thanks for the quick reply.
I was able to apply that patch to the 1.11.7 version and validate the change in behavior.
From: Lukas Slebodnik <lslebodn(a)redhat.com>
Sent: Friday, April 29, 2016 1:16 PM
To: End-user discussions about the System Security Services Daemon
Subject: [SSSD-users] Re: Prevent sudo queries to ldap for service accounts
On (29/04/16 22:12), Lukas Slebodnik wrote:
On (29/04/16 20:08), Jared Watkins wrote:
>I've got sssd 1.11.5 running on ubuntu trusty and I'm seeing some behavior
that I'd like to change. When local service account users run sudo commands the sssd
sudo module is triggering ldap lookups. For NSS data I'm suppressing these with
filter_users/filter_groups but there does not seem to be a way of doing that for the sudo
module. This is despite the fact that in nsswitch files comes before sss.
>I've gone through the docs and the list archive but couldn't find anything on
point for this. Any help is appreciated.
filter_users/filter_grups shoudl work with sudo responder in sssd-1.13.0+
Actually, ticket was fixed even in 1.12.5
sssd-users mailing list