#3694 externalUser sudo attribute must be fully-qualified
Closed: Fixed 4 years ago Opened 4 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1562025

The externalUser support has been broken with the introduction of the fully
qualified attributes, because the provider was saving the data verbatim,
but the sudo responder expects a fully qualified name.

Reproducer:
on the server:
ipa sudocmd-add --desc='For reading log files' /usr/bin/less
ipa sudorule-add readfiles
ipa sudorule-add-user --users=lcluser
ipa sudorule-mod --hostcat=all readfiles

then on the client:
   configure sssd with:
       id_provider = files
       sudo_provider = ipa
       ipa_domain = ipa.test

    run:
       sudo useradd lcluser
       sudo passwd lcluser
       su - lcluser
       sudo -l

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1562025

4 years ago

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

4 years ago

Metadata Update from @jhrozek:
- Issue tagged with: PR, bug

4 years ago

Metadata Update from @jhrozek:
- Issue priority set to: major

4 years ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4711

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata