SUSE Support

Here When You Need Us

sssd-ldap sudo rules are not listed after switching to sssd version >=2.0.0

This document (000020880) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 15 SP4


With sssd >=2.0.0 wildcards in the sudoHost LDAP attribute are not enabled by default anymore.
The sssd configuration option ldap_sudo_include_regexp changed its default value from true to false beginning with sssd-2.0.0.

The following rule would not work anymore and therefor not be listed via sudo -l -U <User>:
dn: cn=SUDOUSER,ou=SUDOers,dc=example,dc=com
sudoHost: *
sudoOption: !authenticate
objectClass: sudoRole


Put the following statement into the LDAP section or change its value to true if it already exists:
ldap_sudo_include_regexp = true


With SUSE LINUX Enterprise Server 15 SP4 sssd version 2.5 has been shipped.
The default value of ldap_sudo_include_regexp changed from true to false.


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020880
  • Creation Date: 02-Dec-2022
  • Modified Date:02-Dec-2022
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications
    • SUSE Linux Enterprise Micro

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.