In the link posted above, the OP solves the problem by adding objectClass: posixgroup to his groups. In my case, they already are "posix-ified".
But, I finally made my sudorules to work by turning use_fully_qualified_names = False. Summary: use_fully_qualified_names = True + sudo 1.8.16-0ubuntu1 => OK use_fully_qualified_names = True + sudo 1.8.16-0ubuntu1.3 => NOK use_fully_qualified_names = False + sudo 1.8.16-0ubuntu1.3 => OK Remaining problems: sudoUser=%#gid is not retrieved -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1686544 Title: sudo fails to retrieve groups in sudoUser To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1686544/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs