Learn more about these different git repos.
Other Git URLs
Seems like we broke sudo with non-POSIX groups in the 1.13 update. See: https://www.redhat.com/archives/freeipa-users/2016-June/msg00256.html
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1336548 (Red Hat Enterprise Linux 6)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1336548 1336548]
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.13.5
In sssd-1.13.4, we switched to IPA sudo rules schema stored at cn=sudo instead of the sudo schema used by sudo itself which is generated by compat plugin and stored at ou=sudoers. Setting the option ldap_sudo_search_base to ou=sudoers switch the processing back to pre-1.13.4 version.
owner: somebody => pbrezina status: new => assigned
We do not want to support non-POSIX groups in sudo rule definition. Either switch to the compat tree container "ou=sudoers,dc=example,dc=com" or alter your rules so that the non-POSIX group is included by a POSIX one which is referenced by sudo as "sudorule ---> posix group <--- non-posix group".
resolution: => wontfix status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to pbrezina - Issue set to the milestone: SSSD 1.13.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4079
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.