[Freeipa-users] SSSD does not fetch Sudo Rules anymore
Alexander Bokovoy
abokovoy at redhat.com
Mon Mar 7 08:54:43 UTC 2016
On Mon, 07 Mar 2016, Zoske, Fabian wrote:
>Thank you for your explanation.
>
>I looked in the sssd_<DOMAIN>.log and found the actual LDAP-Filter.
>The problem seems to be the first part again: (&(objectclass=sudoRole)(entryUSN>=485025)(!(entryUSN=485025))).
>In the LDAP-Tree I can't see any attribute named entryUSN.
>
>Is this related to the problem?
No, it is not. entryUSN is an attribute that is not stored in the entry,
it is a feature that adds a monotonically increased value to any update
of an entry. It is used to check whether entries were changed since last
search.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list