[sudo-users] objectClass=sudoRule vs objectClass=sudoRole in AD

Curtis.CTR.Roze at faa.gov Curtis.CTR.Roze at faa.gov
Fri Oct 11 10:43:40 MDT 2013

Todd --

        Thanks for the follow ups.

        I pulled the debug query from the sssd_sudo.log. How would the 
ldap debug be different?

        and where would the log be located?

Curtis Roze

From:   "Todd C. Miller" <Todd.Miller at courtesan.com>
        AJW-175, RMM & NIMS Engineering Team
To:     Curtis CTR Roze/ACT/CNTR/FAA at FAA, 
Cc:     sudo-users at sudo.ws
Date:   10/11/2013 11:14 AM
Subject:        Re: [sudo-users] objectClass=sudoRule vs 
objectClass=sudoRole in AD

On Fri, 11 Oct 2013 09:56:50 -0400, Curtis.CTR.Roze at faa.gov wrote:

> No I don't. I didn't know anything about it.

You shouldn't need to set it.  I just don't see how you could end
up with a query that uses objectClass=sudoRule unless an explicit
filter was used.

If you set:

sudoers_debug 2

in ldap.conf you should be able to see the queries sudo is making.

 - todd

More information about the sudo-users mailing list