diff -up sudo-1.8.6p7/common/fmt_string.c.ldap_sssd_parse_whitespaces sudo-1.8.6p7/common/fmt_string.c
--- sudo-1.8.6p7/common/fmt_string.c.ldap_sssd_parse_whitespaces	2013-02-25 20:42:44.000000000 +0100
+++ sudo-1.8.6p7/common/fmt_string.c	2016-05-11 10:31:30.206090322 +0200
@@ -38,6 +38,8 @@
 # include <strings.h>
 #endif /* HAVE_STRINGS_H */
 
+#include <ctype.h>
+
 #include "missing.h"
 #include "sudo_debug.h"
 
@@ -64,3 +66,17 @@ fmt_string(const char *var, const char *
 
     debug_return_str(str);
 }
+
+char * rm_whitespaces(char * str){
+	    int state = 1;
+	    char * c;
+	    for (c = str ; *c != '\0' ; c++){
+	        if (state && isspace(*c))str++;
+	        else if (!isspace(*c))state = 0;
+	        else if (!state && isspace(*c)){
+			*c = '\0';
+			break;
+			}
+		}
+		return str;
+}
diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.ldap_sssd_parse_whitespaces sudo-1.8.6p7/plugins/sudoers/ldap.c
--- sudo-1.8.6p7/plugins/sudoers/ldap.c.ldap_sssd_parse_whitespaces	2016-05-11 10:31:30.202090379 +0200
+++ sudo-1.8.6p7/plugins/sudoers/ldap.c	2016-05-11 10:31:30.207090307 +0200
@@ -1012,17 +1012,17 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMe
 	    if (op == '+' || op == '-') {
 		*(val - 2) = '\0';	/* found, remove extra char */
 		/* case var+=val or var-=val */
-		set_default(var, strunquote(val), (int) op);
+		set_default(rm_whitespaces(var), strunquote(val), (int) op);
 	    } else {
 		/* case var=val */
-		set_default(var, strunquote(val), true);
+		set_default(rm_whitespaces(var), strunquote(val), true);
 	    }
 	} else if (*var == '!') {
 	    /* case !var Boolean False */
-	    set_default(var + 1, NULL, false);
+	    set_default(rm_whitespaces(var + 1), NULL, false);
 	} else {
 	    /* case var Boolean True */
-	    set_default(var, NULL, true);
+	    set_default(rm_whitespaces(var), NULL, true);
 	}
 	efree(var);
     }
diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.ldap_sssd_parse_whitespaces sudo-1.8.6p7/plugins/sudoers/sssd.c
--- sudo-1.8.6p7/plugins/sudoers/sssd.c.ldap_sssd_parse_whitespaces	2016-05-11 10:31:30.202090379 +0200
+++ sudo-1.8.6p7/plugins/sudoers/sssd.c	2016-05-11 10:31:30.207090307 +0200
@@ -1004,17 +1004,17 @@ sudo_sss_parse_options(struct sudo_sss_h
 	    if (op == '+' || op == '-') {
 		*(val - 2) = '\0';	/* found, remove extra char */
 		/* case var+=val or var-=val */
-		set_default(v, strunquote(val), (int) op);
+		set_default(rm_whitespaces(v), strunquote(val), (int) op);
 	    } else {
 		/* case var=val */
-		set_default(v, strunquote(val), true);
+		set_default(rm_whitespaces(v), strunquote(val), true);
 	    }
 	} else if (*v == '!') {
 	    /* case !var Boolean False */
-	    set_default(v + 1, NULL, false);
+	    set_default(rm_whitespaces(v + 1), NULL, false);
 	} else {
 	    /* case var Boolean True */
-	    set_default(v, NULL, true);
+	    set_default(rm_whitespaces(v), NULL, true);
 	}
 	efree(v);
     }
diff -up sudo-1.8.6p7/plugins/sudoers/sudoers.h.ldap_sssd_parse_whitespaces sudo-1.8.6p7/plugins/sudoers/sudoers.h
--- sudo-1.8.6p7/plugins/sudoers/sudoers.h.ldap_sssd_parse_whitespaces	2016-05-11 10:31:30.204090350 +0200
+++ sudo-1.8.6p7/plugins/sudoers/sudoers.h	2016-05-11 10:31:30.207090307 +0200
@@ -346,6 +346,7 @@ int sudoers_hook_unsetenv(const char *na
 
 /* fmt_string.c */
 char *fmt_string(const char *, const char *);
+char *rm_whitespaces(char * str);
 
 /* sudoers.c */
 void plugin_cleanup(int);