0f6b5b0 IPA: Qualify the externalUser sudo attribute

Authored and Committed by jhrozek 5 years ago
    IPA: Qualify the externalUser sudo attribute
    
    We broke the externalUser support with the introduction of the fully
    qualified attributes, because the provider was saving the data verbatim,
    but the sudo responder expects a fully qualified name.
    
    Reproducer:
        on the server:
            ipa sudocmd-add --desc='For reading log files' /usr/bin/less
            ipa sudorule-add readfiles
            ipa sudorule-add-user --users=lcluser
            ipa sudorule-mod --hostcat=all readfiles
    
        then on the client:
            configure sssd with:
                id_provider = files
                sudo_provider = ipa
                ipa_domain = ipa.test
    
            run:
                sudo useradd lcluser
                sudo passwd lcluser
                su - lcluser
                sudo -l
    
    Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>