[sudo-users] objectClass=sudoRule vs objectClass=sudoRole in AD
Curtis.CTR.Roze at faa.gov
Curtis.CTR.Roze at faa.gov
Fri Oct 11 10:43:40 MDT 2013
Todd --
Thanks for the follow ups.
I pulled the debug query from the sssd_sudo.log. How would the
ldap debug be different?
and where would the log be located?
Curtis Roze
From: "Todd C. Miller" <Todd.Miller at courtesan.com>
AJW-175, RMM & NIMS Engineering Team
To: Curtis CTR Roze/ACT/CNTR/FAA at FAA,
Cc: sudo-users at sudo.ws
Date: 10/11/2013 11:14 AM
Subject: Re: [sudo-users] objectClass=sudoRule vs
objectClass=sudoRole in AD
On Fri, 11 Oct 2013 09:56:50 -0400, Curtis.CTR.Roze at faa.gov wrote:
> No I don't. I didn't know anything about it.
You shouldn't need to set it. I just don't see how you could end
up with a query that uses objectClass=sudoRule unless an explicit
filter was used.
If you set:
sudoers_debug 2
in ldap.conf you should be able to see the queries sudo is making.
- todd
More information about the sudo-users
mailing list