diff -up sudo-1.8.6p7/common/Makefile.in.strunquote sudo-1.8.6p7/common/Makefile.in
--- sudo-1.8.6p7/common/Makefile.in.strunquote	2013-02-25 20:46:09.000000000 +0100
+++ sudo-1.8.6p7/common/Makefile.in	2015-07-07 14:30:09.267181200 +0200
@@ -63,7 +63,7 @@ SHELL = @SHELL@
 
 LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo lbuf.lo list.lo \
 	 secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo term.lo \
-	 ttysize.lo zero_bytes.lo @COMMON_OBJS@
+	 ttysize.lo zero_bytes.lo strunquote.lo @COMMON_OBJS@
 
 all: libcommon.la
 
@@ -164,3 +164,6 @@ ttysize.lo: $(srcdir)/ttysize.c $(top_bu
 zero_bytes.lo: $(srcdir)/zero_bytes.c $(top_builddir)/config.h \
                $(incdir)/missing.h
 	$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/zero_bytes.c
+strunquote.lo: $(srcdir)/strunquote.c $(top_builddir)/config.h \
+               $(incdir)/missing.h
+	$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strunquote.c
diff -up sudo-1.8.6p7/common/strunquote.c.strunquote sudo-1.8.6p7/common/strunquote.c
--- sudo-1.8.6p7/common/strunquote.c.strunquote	2015-07-07 14:30:09.267181200 +0200
+++ sudo-1.8.6p7/common/strunquote.c	2015-07-07 14:31:05.403649285 +0200
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <string.h>
+#include <ctype.h>
+
+char *strunquote(char *arg)
+{
+  char *str = arg;
+  if (str == NULL) {
+    return NULL;
+  }
+  const size_t len = strlen(str);
+  char *strend = str + len - 1;
+
+  /* Remove blanks */
+  for (; isblank((unsigned char)*str); str++);
+  for (; isblank((unsigned char)*strend) && strend > str; strend--);
+  /*
+   * Check that the string is double-quoted.
+   * If not, we are done.
+   */
+  if (*str != '"' || *strend != '"' || str == strend) {
+    /* Return the original argument if we didn't touch it */
+    return arg;
+  }
+
+  /* Remove the double-quotes */
+  *strend = '\0';
+  ++str;
+
+  return str;
+}
diff -up sudo-1.8.6p7/include/strunquote.h.strunquote sudo-1.8.6p7/include/strunquote.h
--- sudo-1.8.6p7/include/strunquote.h.strunquote	2015-07-07 14:30:09.267181200 +0200
+++ sudo-1.8.6p7/include/strunquote.h	2015-07-07 14:30:09.267181200 +0200
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+char *strunquote(char *arg);
diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote sudo-1.8.6p7/plugins/sudoers/ldap.c
--- sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote	2015-07-07 14:30:09.259181276 +0200
+++ sudo-1.8.6p7/plugins/sudoers/ldap.c	2015-07-07 14:30:09.267181200 +0200
@@ -79,6 +79,7 @@
 #include "sudoers.h"
 #include "parse.h"
 #include "lbuf.h"
+#include "strunquote.h"
 
 /* Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() */
 #if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(HAVE_LDAP_SSL_H) && !defined(HAVE_MPS_LDAP_SSL_H)
@@ -1004,10 +1005,10 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMe
 	    if (op == '+' || op == '-') {
 		*(val - 2) = '\0';	/* found, remove extra char */
 		/* case var+=val or var-=val */
-		set_default(var, val, (int) op);
+		set_default(var, strunquote(val), (int) op);
 	    } else {
 		/* case var=val */
-		set_default(var, val, true);
+		set_default(var, strunquote(val), true);
 	    }
 	} else if (*var == '!') {
 	    /* case !var Boolean False */
diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote sudo-1.8.6p7/plugins/sudoers/sssd.c
--- sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote	2015-07-07 14:30:09.260181267 +0200
+++ sudo-1.8.6p7/plugins/sudoers/sssd.c	2015-07-07 14:30:09.268181191 +0200
@@ -61,6 +61,7 @@
 #include "lbuf.h"
 #include "sudo_debug.h"
 #include "ipa_hostname.h"
+#include "strunquote.h"
 
 /* SSSD <--> SUDO interface - do not change */
 struct sss_sudo_attr {
@@ -996,10 +997,10 @@ sudo_sss_parse_options(struct sudo_sss_h
 	    if (op == '+' || op == '-') {
 		*(val - 2) = '\0';	/* found, remove extra char */
 		/* case var+=val or var-=val */
-		set_default(v, val, (int) op);
+		set_default(v, strunquote(val), (int) op);
 	    } else {
 		/* case var=val */
-		set_default(v, val, true);
+		set_default(v, strunquote(val), true);
 	    }
 	} else if (*v == '!') {
 	    /* case !var Boolean False */