Setting --groups=ALL or --users=ALL with - sudorule-add-runasuser , and other special values that are allowed in the SUDOers configuration file should result in error. These values are not supported in IPA sudo rules.
Patch sent for review
New patch version is available: https://www.redhat.com/archives/freeipa-devel/2012-January/msg00109.html
Pushed to master and ipa-2-2 after review master: 4622812 ipa-2-2: 3d53218
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=782976
Metadata Update from @jgalipea: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01
Login to comment on this ticket.