[sudo-users] Active Directory Schema incomplete? (and SUDOERS_TIMED attributes not working)

Todd C. Miller Todd.Miller at courtesan.com
Fri Jul 27 15:19:50 EDT 2012


Thanks, I've made those fixes to the schema.ActiveDirectory file
in the sudo source repo.

I see that AD includes tenths of a second in its timestamps.  Sudo
does not include fractional seconds when it constructs the time
filter, as it is optional, but perhaps this is causing problems.
You can try editing plugins/sudoers/ldap.c and changing the
"%Y%m%d%H%M%SZ" to "%Y%m%d%H%M%S.0Z" to see if that makes any
difference.  I recall that the Tivoli Directory Server required
that the seconds field be present; perhaps AD has a similar requirement
for tenths of a second.

 - todd
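
The two timestamp forms discussed in the message above, as an added example that is not part of the original message or of the sudo source. The function names are hypothetical, and the filter shape and the sudoNotBefore/sudoNotAfter attribute names are assumptions taken from the sudoers LDAP schema rather than from this message.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Format t (UTC) as LDAP GeneralizedTime; with_fraction selects the ".0Z" form. */
int format_generalized_time(time_t t, int with_fraction, char *buf, size_t len)
{
    const char *fmt = with_fraction ? "%Y%m%d%H%M%S.0Z" : "%Y%m%d%H%M%SZ";
    struct tm *utc = gmtime(&t);
    return (utc != NULL && strftime(buf, len, fmt, utc) != 0) ? 0 : -1;
}

/* Strip an optional ".digits" fraction so both forms compare equal (hypothetical helper). */
int normalize_generalized_time(const char *in, char out[16])
{
    if (strspn(in, "0123456789") != 14)
        return -1;                         /* need exactly 14 leading digits */
    const char *p = in + 14;
    if (*p == '.') {                       /* optional fractional seconds */
        size_t digits = strspn(++p, "0123456789");
        if (digits == 0)
            return -1;                     /* "." must be followed by digits */
        p += digits;
    }
    if (strcmp(p, "Z") != 0)
        return -1;                         /* only UTC ("Z") values handled */
    snprintf(out, 16, "%.14sZ", in);
    return 0;
}

/* Validity-window filter around one timestamp (assumed shape, see lead-in). */
int build_time_filter(time_t now, int with_fraction, char *buf, size_t len)
{
    char ts[32];
    if (format_generalized_time(now, with_fraction, ts, sizeof(ts)) != 0)
        return -1;
    int n = snprintf(buf, len, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))"
                     "(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))", ts, ts);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char filter[256];
    for (int frac = 0; frac <= 1; frac++)  /* print both filter variants */
        if (build_time_filter(time(NULL), frac, filter, sizeof(filter)) == 0)
            puts(filter);
    return 0;
}
```

Running the same search with each variant against the directory shows whether the server matches timed entries only when the fraction is present.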


