Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 883408

Summary: Make it clear that ldap_sudo_include_regexp can only handle wildcards
Product: Red Hat Enterprise Linux 6 Reporter: Nikolai Kondrashov <nikolai.kondrashov>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4CC: dpal, grajaiya, jgalipea, okos, pbrezina
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.9.2-41.el6 Doc Type: Bug Fix
Doc Text:
No documentation needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:41:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 888457    

Description Nikolai Kondrashov 2012-12-04 14:12:21 UTC 
Description of problem:
The "ldap_sudo_include_regexp" option is named incorrectly, because sudo doesn't actually support regular expressions (as in, e.g. perl-compatible regular expressions) for configuration, but instead shell-like wildcards. In particular, sudoers(5) states about wildcards: "Note that these are not regular expressions."

This results in confusion.

The option would better be named "ldap_sudo_include_wildcards" or "ldap_sudo_include_glob" and documentation should be updated accordingly. Namely:

1. sssd-sudo(5) - change "regular expression" to "wildcards" or "glob characters".
2. sssd-ldap(5) - the description of the option in question.

Version-Release number of selected component (if applicable):
sssd-1.9.2-30.el6.x86_64
libsss_sudo-1.9.2-30.el6.x86_64
sudo-1.8.6p3-6.el6.x86_64
sssd-client-1.9.2-30.el6.x86_64
libsss_idmap-1.9.2-30.el6.x86_64
Comment 2 Pavel Březina 2012-12-04 14:36:57 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1690
Comment 4 Nikolai Kondrashov 2012-12-14 13:25:50 UTC 
Verified *unfixed* with the following packages:

sssd-client-1.9.2-41.el6.x86_64
libsss_idmap-1.9.2-41.el6.x86_64
libsss_sudo-1.9.2-41.el6.x86_64
sudo-1.8.6p3-6.el6.x86_64
sssd-1.9.2-41.el6.x86_64

The option is *not* renamed and sssd-ldap(5) still shows the old name.
Comment 5 Jakub Hrozek 2012-12-14 14:24:02 UTC 
That was not the point of the patch. Sorry, I should have been more clear. 

We can't rename the option just like that. There may be people using the option already. For 6.4, the only thing we could do was be clear in the man page that the option only supports wildcards, not regexes. For a later release, we will provide a new option ldap_sudo_include_wildcard that would be the preferred one and anybody who will use ldap_sudo_include_regexp will get a warning.

For 6.4, the verification only amounts to checking that the manpage says wildcard, not regexp.
Comment 6 Nikolai Kondrashov 2012-12-14 14:38:05 UTC 
I can confirm that documentation was updated to use "wildcards" instead of "regular expressions".

Otherwise this bug cannot be closed as fixed yet.
Comment 7 Jakub Hrozek 2012-12-14 14:58:49 UTC 
We won't be doing anything else except the docs fix in 6.4. Tracking that is the purpose of this bugzilla.

The rest of the work is being tracked in the upstream ticket https://fedorahosted.org/sssd/ticket/1707 and will be cloned as appropriate.
Comment 8 Nikolai Kondrashov 2012-12-14 15:01:27 UTC 
OK. What will be tracking renaming of the option, then? Shall we make another bug for renaming, or maybe another bug for documentation fix?
Comment 9 Dmitri Pal 2012-12-14 15:02:37 UTC 
Yes this should be closed as verified. The real fix will be done some time later when we address the ticket above.
Please flip it back to ON_QE.
Comment 10 Nikolai Kondrashov 2012-12-14 15:05:00 UTC 
Verified fixed with the following packages:

sssd-client-1.9.2-41.el6.x86_64
libsss_idmap-1.9.2-41.el6.x86_64
libsss_sudo-1.9.2-41.el6.x86_64
sudo-1.8.6p3-6.el6.x86_64
sssd-1.9.2-41.el6.x86_64
Comment 11 errata-xmlrpc 2013-02-21 09:41:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html