Description of problem:
sudo with sssd doesn't work correctly with the sudoOrder option. The rule with the highest value in the sudoOrder parameter should be used.
[test]su - userallowed -c 'sudo true'
su: warning: cannot change directory to /home/userallowed: No such file or directory
Sorry, user userallowed is not allowed to execute '/bin/true' as root on rhel7.example.com.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
I'm having the same problem. Has anyone seen this before? sudoOrder is inverted for sssd, which conflicts with other non-RHEL servers configured with sudo-ldap.
As a workaround, we decided to change sudoers in the nsswitch.conf file from sss to ldap and to configure the /etc/sudo-ldap.conf file, and sudoOrder works as expected.
The downside is that there is no offline cache, it requires maintenance of the sudo-ldap.conf file in case of changes, and it exposes the use of the secret user/password for the sudo schema in the LDAP server to anyone who has root access.
Pavel says the bug is in sssd.
*** This bug has been marked as a duplicate of bug 1232950 ***
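Added example, not part of the original report and not sudo or sssd code: a simplified model of sudoRole selection that finds user/command pairs whose verdict flips depending on whether the highest sudoOrder wins (the behaviour the report expects) or the lowest wins (the inverted reading described in the comment above). The rule names and sample rules are constructed; matching is exact-string only, and sudoHost and the other attributes are ignored.

```python
# Simplified model of sudoRole evaluation (added example; not sudo or sssd code).
# Assumptions: exact-match users and commands, "ALL" as wildcard, "!" negation,
# sudoHost and all other attributes ignored.

def rule_verdict(rule, user, command):
    """Return True (allow), False (deny) or None (rule does not match)."""
    if user not in rule["sudoUser"] and "ALL" not in rule["sudoUser"]:
        return None
    cmds = rule["sudoCommand"]
    if "!" + command in cmds:
        return False
    if command in cmds or "ALL" in cmds:
        return True
    return None


def decide(rules, user, command, highest_wins=True):
    """Pick the winning matching rule by sudoOrder; a missing sudoOrder counts as 0."""
    matches = [(r.get("sudoOrder", 0), r["cn"], rule_verdict(r, user, command))
               for r in rules]
    matches = [m for m in matches if m[2] is not None]
    if not matches:
        return None, False          # no matching rule: not allowed
    pick = max if highest_wins else min
    _, cn, verdict = pick(matches, key=lambda m: m[0])
    return cn, verdict


def order_sensitive(rules, user, command):
    """True when the verdict changes if sudoOrder is read the other way round."""
    return (decide(rules, user, command, True)[1]
            != decide(rules, user, command, False)[1])


# Constructed sample rules (hypothetical cn values; user name taken from the report).
RULES = [
    {"cn": "deny_true", "sudoUser": ["userallowed"],
     "sudoCommand": ["!/bin/true"], "sudoOrder": 1},
    {"cn": "allow_true", "sudoUser": ["userallowed"],
     "sudoCommand": ["/bin/true"], "sudoOrder": 2},
    {"cn": "allow_ls", "sudoUser": ["ALL"], "sudoCommand": ["/bin/ls"]},
]

if __name__ == "__main__":
    for cmd in ("/bin/true", "/bin/ls"):
        flag = "order-sensitive" if order_sensitive(RULES, "userallowed", cmd) else "stable"
        print(cmd, decide(RULES, "userallowed", cmd), flag)
```

Pairs reported as order-sensitive are the ones to review when the same LDAP sudo rules are consumed both through sssd and through sudo-ldap.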