[sudo-workers] Empty SUDOERS_SEARCH_FILTER bug
Daniel Kopeček
dkopecek at redhat.com
Thu Aug 31 02:08:28 MDT 2017
Hello,
the sudoers.ldap(5) manual page states that you can use the
`SUDOERS_SEARCH_FILTER ldap_filter` option
and omit the ldap_filter value so that no filter will be used. However,
when you try to do that, it seems that
sudo then passes an invalid filter expression to the LDAP API:
---snip---
sudo: ldap search '(sudoUser=*)(sudoUser=+*)'
sudo: searching from base 'ou=SUDOers,dc=localhost,dc=localdomain'
sudo: ldap search pass 2 failed: Bad search filter
---snip---
One can use `SUDOERS_SEARCH_FILTER (objectClass=*)` to work around this.
Regards,
Daniel
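
Added example, not part of the original message and not sudo's own code: an RFC 4515 search filter must be exactly one parenthesised item, so the logged string above, two items placed side by side with no enclosing operator, is malformed. The hypothetical function `is_single_filter` checks only that outer structure (not attribute names or operators) and could be run on a composed filter before it reaches the LDAP API.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: returns 1 if s is exactly one balanced,
 * parenthesised filter item, 0 otherwise. Structural check only. */
int is_single_filter(const char *s)
{
    int depth = 0;
    size_t i;

    if (s == NULL || s[0] != '(')
        return 0;
    for (i = 0; s[i] != '\0'; i++) {
        if (s[i] == '\\') {
            /* RFC 4515 escape: backslash followed by two hex digits */
            if (!isxdigit((unsigned char)s[i + 1]) ||
                !isxdigit((unsigned char)s[i + 2]))
                return 0;
            i += 2;
        } else if (s[i] == '(') {
            if (depth == 0 && i != 0)
                return 0;       /* a second top-level item */
            depth++;
        } else if (s[i] == ')') {
            if (--depth < 0)
                return 0;       /* close without a matching open */
        } else if (depth == 0) {
            return 0;           /* text outside any parentheses */
        }
    }
    return depth == 0;          /* everything opened was closed */
}

int main(void)
{
    /* First string is the filter from the log above; the second is the
     * workaround value from the message. */
    const char *samples[] = {
        "(sudoUser=*)(sudoUser=+*)",
        "(objectClass=*)",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-30s %s\n", samples[i],
            is_single_filter(samples[i]) ? "ok" : "bad search filter");
    return 0;
}
```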