#2625 Sudo responder does not respect filter_users and filter_groups
Closed: Fixed None Opened 5 years ago by blesk.

We use freeipa for auth management with some local (mostly monitoring) users being present. We feed sudo from ldap, but again, we have local sudo rules for these local users. Even with filter_users and/or filter_groups parameters present, sssd constantly asks for these local users (including user root that should be omitted by default setting) causing heavy load on our freeipa LDAP.

We're using SL 6.6, no modification to sssd code on our side.

Fields changed

cc: => atkac@fedoraproject.org

owner: somebody => atkac

Please let us know if you'd like the patch to be pushed to other branches as well. 6.7 will have 1.12.x, I can advise to open a RH support case :-)

milestone: NEEDS_TRIAGE => SSSD 1.13 alpha

Fields changed

owner: atkac => jhrozek

Fields changed

owner: jhrozek => atkac

Fields changed

resolution: => fixed
status: new => closed

Yes, it would be nice to have fix in 1.12.X as well, can you please backport it? (simple cherry-pick works fine) Thanks in advance!

sure, pushed to sssd-1-12: d008c23

Please note RHEL-6.7 already rebased and we're cherry-picking patches already, so including this patch to RHEL must go through the usual RHEL process.

Metadata Update from @blesk:
- Issue assigned to atkac
- Issue set to the milestone: SSSD 1.13 alpha

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3666

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.