[Freeipa-users] Sudo works for full access, but not on a per command or host level.

[Rob Crittenden]

Can you confirm that you have sudoer_debug set to 2?

If I gather correctly, this is on RHEL 6.3? What version of sudo?

I'm seeing different output. Mine includes the number of candidate 
results for sudoUser are found.

If you watch /var/log/dirsrv/slapd-REALM/access on your IPA server 
you'll be able to see the LDAP searches the sudo client is making. The 
log is buffered so you won't see them immediately. Can you send us the 
queries that are being made?

thanks

rob