#3694 externalUser sudo attribute must be fully-qualified
Closed: Fixed a year ago Opened a year ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1562025

The externalUser support has been broken with the introduction of the fully
qualified attributes, because the provider was saving the data verbatim,
but the sudo responder expects a fully qualified name.

Reproducer:
on the server:
ipa sudocmd-add --desc='For reading log files' /usr/bin/less
ipa sudorule-add readfiles
ipa sudorule-add-user --users=lcluser
ipa sudorule-mod --hostcat=all readfiles

then on the client:
   configure sssd with:
       id_provider = files
       sudo_provider = ipa
       ipa_domain = ipa.test

    run:
       sudo useradd lcluser
       sudo passwd lcluser
       su - lcluser
       sudo -l

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1562025

a year ago

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

a year ago

Metadata Update from @jhrozek:
- Issue tagged with: PR, bug

a year ago

Metadata Update from @jhrozek:
- Issue priority set to: major

a year ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata