diff -u sssd-1.11.7/debian/changelog sssd-1.11.7/debian/changelog
--- sssd-1.11.7/debian/changelog
+++ sssd-1.11.7/debian/changelog
@@ -1,3 +1,13 @@
+sssd (1.11.7-3) unstable; urgency=medium
+
+  * libsss-sudo.postrm: Delete sudoers line from nsswitch.conf, if only
+    files source left. (Closes: #749722)
+  * libsss-sudo.postinst: Fix comments.
+  * libsss-sudo.postinst: Check nsswitch sudoers entry unconditionally,
+    so that it is added on upgrade too if missing.
+
+ -- Timo Aaltonen <tjaalton@debian.org>  Fri, 16 Jan 2015 13:53:22 +0200
+
 sssd (1.11.7-2) unstable; urgency=medium
 
   * default, upstart.in: Upstream ticket #2312 is fixed now, so drop the
diff -u sssd-1.11.7/debian/libsss-sudo.postinst sssd-1.11.7/debian/libsss-sudo.postinst
--- sssd-1.11.7/debian/libsss-sudo.postinst
+++ sssd-1.11.7/debian/libsss-sudo.postinst
@@ -24,10 +24,9 @@
     echo "$*"
 }
 
-# try to insert sss entries to the passwd, group, shadow and netgroup
-# lines in /etc/nsswitch.conf to automatically enable libnss-sss
-# support; do not change the configuration if the lines already
-# references some sss lookups
+# try to insert sss entries to the sudoers line in /etc/nsswitch.conf to
+# automatically enable libsss-sudo support; do not change the configuration
+# if the lines already references some sss lookups
 insert_nss_entry() {
     log "Checking NSS setup..."
     # abort if /etc/nsswitch.conf does not exist
@@ -49,19 +48,6 @@
 }
 
-action="$1"
+insert_nss_entry
 
-if [ configure = "$action" ]; then
-    if [ -z "$2" ]; then
-        log "First installation detected..."
-        # first install: setup the recommended configuration (unless
-        # nsswitch.conf already contains sss entries)
-        insert_nss_entry
-    else
-        # upgrade
-        version="$2"
-
-        # Nothing to do here yet
-    fi
-fi
 
 exit 0
diff -u sssd-1.11.7/debian/libsss-sudo.postrm sssd-1.11.7/debian/libsss-sudo.postrm
--- sssd-1.11.7/debian/libsss-sudo.postrm
+++ sssd-1.11.7/debian/libsss-sudo.postrm
@@ -22,6 +22,11 @@
         s/[[:space:]]+$//
       }
     ' /etc/nsswitch.conf
+
+    # delete sudoers line if only default entry left"
+    if ! [ -z "grep \"^sudoers:        files$\" /etc/nsswitch.conf" ]; then
+        sed -i /^sudoers:/d /etc/nsswitch.conf
+    fi
 }
 
 case "$1" in