SSSD sudo rules with wildcard in sudoHost no longer available

Issue

After upgrading to RHEL 8.3 (or later), SSSD no longer fetches sudo rules with wildcard character * in sudoHost attribute.

A sudo rule allows user from any host, which matches specific pattern, is stored in LDAP backend:

# sudo rule
dn: cn=bobSudoRule,ou=sudoers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: bobSudoRule
sudoUser: bob
sudoHost: rhel*.example.com     <<<<<=====
sudoCommand: ALL

sudo is configured to retrieve sudo rules from LDAP via SSSD
The sudo rule works on RHEL7 and RHEL8, before upgrading to RHEL 8.3

Environment

Red Hat Enterprise Linux 8.3 and newer
- sssd-2.3.0 and newer

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Select Your Language

SSSD sudo rules with wildcard in sudoHost no longer available

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links