diff -up sudo-1.8.6p7/configure.in.ipahostname sudo-1.8.6p7/configure.in
--- sudo-1.8.6p7/configure.in.ipahostname 2014-09-29 11:14:38.393846226 +0200
+++ sudo-1.8.6p7/configure.in 2014-09-29 11:14:38.428845807 +0200
@@ -309,7 +309,7 @@ dnl Handle SSSD support.
 dnl
 AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
 [case $with_sssd in
- yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
+ yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo ipa_hostname.lo"
 AC_DEFINE(HAVE_SSSD)
 ;;
 no) ;;
diff -up sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c.ipahostname sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c
--- sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c.ipahostname 2014-09-29 11:14:38.429845795 +0200
+++ sudo-1.8.6p7/plugins/sudoers/ipa_hostname.c 2014-09-29 11:14:38.429845795 +0200
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2013 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Daniel Kopecek
+ */
+#define _GNU_SOURCE
+#include
+#include
+#include
+#include
+#include
+
+static const char *sssd_conf_path = "/etc/sssd/sssd.conf";
+
+char *ipa_hostname(void)
+{
+ static char hname[MAXHOSTNAMELEN+1];
+ size_t hname_len = 0;
+ char *line = NULL;
+ ssize_t line_len = 0;
+ size_t line_buflen = 0;
+ FILE *fp;
+
+ if ((fp = fopen(sssd_conf_path, "r")) == NULL)
+ return NULL;
+ while ((line_len = getline(&line, &line_buflen, fp)) > 0) {
+ char *keyword_loc;
+ if ((keyword_loc = strstr(line, "ipa_hostname")) != NULL) {
+ size_t i;
+ char *value_loc;
+ size_t value_len;
+
+ value_loc = keyword_loc + strlen("ipa_hostname") + 1;
+ value_len = line_len - (size_t)(value_loc - line);
+
+ /* Skip spaces and the assignment operator */
+ for (i = 0; i < value_len; ++i) {
+ if (isspace(value_loc[i]) || value_loc[i] == '=') {
+ continue;
+ } else {
+ break;
+ }
+ }
+
+ value_loc += i;
+ value_len -= i;
+
+ if (value_len <= MAXHOSTNAMELEN) {
+ memcpy(hname, value_loc, value_len * sizeof(char));
+ free(line);
+ fclose(fp);
+ hname_len = value_len;
+ hname[hname_len] = '\0';
+ /* Remove spaces from the end of the string */
+ for (i = hname_len - 1; i > 0; --i) {
+ if (isspace(hname[i])) {
+ hname[i] = '\0';
+ --hname_len;
+ } else {
+ break;
+ }
+ }
+ return hname;
+ }
+ }
+ free(line);
+ line = NULL;
+ }
+
+ fclose(fp);
+ return NULL;
+}
diff -up sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h.ipahostname sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h
--- sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h.ipahostname 2014-09-29 11:14:38.429845795 +0200
+++ sudo-1.8.6p7/plugins/sudoers/ipa_hostname.h 2014-09-29 11:14:38.429845795 +0200
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2013 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Daniel Kopecek
+ */
+#ifndef _IPA_HOSTNAME_H_
+#define _IPA_HOSTNAME_H_
+
+char *ipa_hostname(void);
+
+#endif /* _IPA_HOSTNAME_H_ */
diff -up sudo-1.8.6p7/plugins/sudoers/Makefile.in.ipahostname sudo-1.8.6p7/plugins/sudoers/Makefile.in
--- sudo-1.8.6p7/plugins/sudoers/Makefile.in.ipahostname 2014-09-29 11:14:38.429845795 +0200
+++ sudo-1.8.6p7/plugins/sudoers/Makefile.in 2014-09-29 11:16:54.923210160 +0200
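Review bot: An `ipa_hostname` line whose value is empty or consists only of whitespace and `=` (for example `ipa_hostname =`) leaves `value_len` at 0 after the skip loop, which still satisfies `value_len <= MAXHOSTNAMELEN`; `hname_len` is then 0 and the trailing-whitespace loop starts at `i = hname_len - 1`, which wraps to SIZE_MAX and reads `hname[i]` far outside the static buffer. Tightening the guard to `if (value_len > 0 && value_len <= MAXHOSTNAMELEN) {` closes that path. The `strstr(line, "ipa_hostname")` match is unanchored, so a commented-out `# ipa_hostname = old` line, or any key or value that merely contains the substring, wins before the real setting; matching the key only at the start of the line (after leading whitespace) and requiring `=` after it would make the parse deterministic. Both `isspace()` calls receive a plain `char`, so a byte above 0x7f is undefined behavior — use `isspace((unsigned char)value_loc[i])` and `isspace((unsigned char)hname[i])`. On the no-match path `line` is never freed after the loop, and `getline()` may have allocated into it on the final call that returned -1, so `free(line);` belongs before the last `fclose(fp);`.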
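Review bot: `_IPA_HOSTNAME_H_` is in the identifier space reserved for the implementation (leading underscore followed by an uppercase letter); `IPA_HOSTNAME_H` is the conventional non-reserved guard. The declaration also carries no contract, and the implementation in ipa_hostname.c returns a pointer into a static buffer, so I would add above it `/* Value of the ipa_hostname key in /etc/sssd/sssd.conf, in a static buffer overwritten by the next call; NULL if the file cannot be opened or has no such key. */`.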
@@ -728,6 +728,9 @@ sia.lo: $(authdir)/sia.c $(top_builddir)
 $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
 $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sia.c
+ipa_hostname.lo: $(srcdir)/ipa_hostname.c $(srcdir)/ipa_hostname.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/ipa_hostname.c
+
 sssd.lo: $(srcdir)/sssd.c $(top_builddir)/config.h \
 $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \
 $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.ipahostname sudo-1.8.6p7/plugins/sudoers/sssd.c
--- sudo-1.8.6p7/plugins/sudoers/sssd.c.ipahostname 2014-09-29 11:14:38.424845855 +0200
+++ sudo-1.8.6p7/plugins/sudoers/sssd.c 2014-09-29 11:14:38.429845795 +0200
@@ -60,6 +60,7 @@
 #include "parse.h"
 #include "lbuf.h"
 #include "sudo_debug.h"
+#include "ipa_hostname.h"
 
 /* SSSD <--> SUDO interface - do not change */
 struct sss_sudo_attr {
@@ -549,6 +550,24 @@ sudo_sss_check_runas(struct sudo_sss_han
 debug_return_bool(ret);
 }
 
+static bool sudo_sss_ipa_hostname_matches(const char *hostname_val)
+{
+ bool ret = false;
+ char *ipa_hostname_val;
+ debug_decl(sudo_sss_ipa_hostname_matches, SUDO_DEBUG_SSSD)
+
+ if ((ipa_hostname_val = ipa_hostname()) != NULL) {
+ ret = hostname_matches(ipa_hostname_val, ipa_hostname_val, hostname_val) || \
+ netgr_matches(hostname_val, ipa_hostname_val, ipa_hostname_val, NULL);
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_TRACE, "IPA hostname (%s) matches %s => %s",
+ ipa_hostname_val ? ipa_hostname_val : "", hostname_val,
+ ret ? "true" : "false");
+
+ debug_return_bool(ret);
+}
+
 static bool
 sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
 {
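Review bot: The `|| \` ending the `ret = hostname_matches(...)` line is a backslash-newline outside any macro; it only splices the two source lines and should be dropped, leaving `ret = hostname_matches(ipa_hostname_val, ipa_hostname_val, hostname_val) ||`. `ipa_hostname()` opens and parses /etc/sssd/sssd.conf on every call, and from the check_host hunk that follows this helper appears to run once per sudoHost value of every rule, so the lookup is worth doing once — a file-scope `static const char *cached` with a `looked_up` flag here, or equivalent memoization inside ipa_hostname(), would remove the repeated I/O from the privileged match path. A NULL result (file absent, unreadable, or no key) silently yields false, which is the right fail-closed default; a short comment on the `if` saying so, `/* No IPA hostname configured: never matches */`, would spare the next reader the trip to ipa_hostname.c.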
@@ -580,6 +599,7 @@ sudo_sss_check_host(struct sudo_sss_hand
 /* match any or address or netgroup or hostname */
 if (!strcmp(val, "ALL") || addr_matches(val) ||
+ sudo_sss_ipa_hostname_matches(val) ||
 netgr_matches(val, user_host, user_shost, NULL) ||
 hostname_matches(user_shost, user_host, val))
 ret = true;