[sudo-users] objectClass=sudoRule vs objectClass=sudoRole in AD
Curtis.CTR.Roze at faa.gov
Curtis.CTR.Roze at faa.gov
Fri Oct 11 06:53:44 MDT 2013
How does the query for sudo rules in AD even work when the debug shows a
query such as:
(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=test.user)(sudoUser=#1215014110)(sudoUser=%test_rmm_linux_users)(sudoUser=%Domain
Users)(sudoUser=%Domain Users)(sudoUser=+*)))
If I execute this on the command line using ldapsearch I get no results.
If I change objectClass to objectClass=sudoRole in the same seach,
ldapsearch works perfectly.
I created the sudoers ou and objects using the guidance in the sudoers
documentation on sudo.ws.
Thanks for the insight.
Curtis Roze
More information about the sudo-users
mailing list