#1640 "defaults" entry ignored
Closed: Fixed None Opened 6 years ago by pbrezina.

https://bugzilla.redhat.com/show_bug.cgi?id=875740 (Red Hat Enterprise Linux 6)

Description of problem:
SSSD ignores options from "defaults" entry in LDAP

Version-Release number of selected component (if applicable):
libsss_autofs-1.9.2-7.el6.x86_64
sssd-1.9.2-7.el6.x86_64
libsss_sudo-1.9.2-7.el6.x86_64
libsss_idmap-1.9.2-7.el6.x86_64
sssd-client-1.9.2-7.el6.x86_64
sudo-1.8.6p3-5.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Use the attached LDIF file to fill LDAP directory
2. Use the attached sssd.conf as the base for client configuration
3. Execute "su -c 'sudo -u user2 whoami' user1" as root

Actual results:
sudo: no tty present and no askpass program specified

Expected results:
user2

Additional info:
If the sudoOption attributes are moved to the cn=test entry instead, sudo
behaves as documented.

cn=defaults is a special rule that contains default options. This rule doesn't have to have sudoHost attribute specified which was unexpected (it is mandatory on other rules). We need to amend filter in provider so we don't require this attribute on cn=defaults rule.

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => pbrezina
status: new => assigned
testsupdated: => 0

Fields changed

patch: 0 => 1

This is quite important to get in and there is a patch available. Moving to 1.9.3

milestone: NEEDS_TRIAGE => SSSD 1.9.3

resolution: => fixed
status: assigned => closed

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.3

2 years ago

Login to comment on this ticket.

Metadata