[sudo-users] objectClass=sudoRule vs objectClass=sudoRole in AD

Curtis.CTR.Roze at faa.gov
Fri Oct 11 06:53:44 MDT 2013

How does the query for sudo rules in AD even work when the debug shows a 
query such as:

Users)(sudoUser=%Domain Users)(sudoUser=+*)))

If I execute this on the command line using ldapsearch I get no results.

If I change objectClass to objectClass=sudoRole in the same search, 
ldapsearch works perfectly.

I created the sudoers ou and objects using the guidance in the sudoers 
documentation on sudo.ws.

Thanks for the insight.

Curtis Roze
