Bug 571

Summary: Non-Unix group plugin should be supported by LDAP sudoUser object
Product: Sudo
Reporter: Todd C. Miller <Todd.Miller>
Component: Sudoers
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: enhancement
Priority: low
Version: 1.8.6
Hardware: All
OS: All

Description Todd C. Miller 2012-09-13 14:41:53 MDT
Unlike normal Unix groups, it is generally not possible to enumerate all of a user's non-Unix groups.  This makes it impossible to build a standard LDAP query that will return all sudoRole objects that match the user's non-Unix groups.  Instead, the netgroup query could be extended to collect all sudoRoles where the sudoUser matches ":%*".
Comment 1 Todd C. Miller 2012-09-17 09:27:28 MDT
This will be part of sudo 1.8.7.
Comment 2 Todd C. Miller 2013-09-03 15:14:07 MDT
Fixed in 1.8.7