Running "ipa sudorule-add-option" command to modify existing sudorule in IPA gives a false error message

Solution Verified - Updated -


  • ipa sudorule-add-option seems to give a false error message
  • A false error is shown when options are added to an existing sudo rule using sudooption argument
[root@rhel7-ipaserver ~]# ipa sudorule-add-option testrule --sudooption='!authenticate'
Added option "!authenticate" to Sudo Rule "testrule"
  Rule name: testrule
  Enabled: TRUE
  Sudo Option: !authenticate
  Failed hosts/hostgroups:,cn=computers,cn=accounts,dc=example,dc=com
  Failed users/groups: cn=groupname,cn=groups,cn=accounts,dc=example,dc=com


  • Red Hat Enterprise Linux 7
  • ipa-server-4.6.4-x.el7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In