diff -up ./plugins/sudoers/ldap.c.ldap-sssd-notallowedcmnd ./plugins/sudoers/ldap.c --- ./plugins/sudoers/ldap.c.ldap-sssd-notallowedcmnd 2016-10-06 17:52:12.958313455 +0200 +++ ./plugins/sudoers/ldap.c 2016-10-06 17:53:10.880256349 +0200 @@ -1932,8 +1932,9 @@ sudo_ldap_display_cmnd(struct sudo_nss * lres = sudo_ldap_result_get(nss, pw); for (i = 0; i < lres->nentries; i++) { entry = lres->entries[i].entry; - if (sudo_ldap_check_command(ld, entry, NULL) && - sudo_ldap_check_runas(ld, entry)) { + if (!sudo_ldap_check_runas(ld, entry)) + continue; + if (sudo_ldap_check_command(ld, entry, NULL) == true) { found = true; goto done; } diff -up ./plugins/sudoers/sssd.c.ldap-sssd-notallowedcmnd ./plugins/sudoers/sssd.c --- ./plugins/sudoers/sssd.c.ldap-sssd-notallowedcmnd 2016-10-06 17:54:17.885876637 +0200 +++ ./plugins/sudoers/sssd.c 2016-10-06 17:55:26.530435388 +0200 @@ -1173,8 +1173,9 @@ sudo_sss_display_cmnd(struct sudo_nss *n for (i = 0; i < sss_result->num_rules; i++) { rule = sss_result->rules + i; - if (sudo_sss_check_command(handle, rule, NULL) && - sudo_sss_check_runas(handle, rule)) { + if (!sudo_sss_check_runas(handle, rule)) + continue; + if (sudo_sss_check_command(handle, rule, NULL) == true) { found = true; goto done; }