diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 764def51b..5130bcd69 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -2568,8 +2568,9 @@ sudo_ldap_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
 	goto done;
     for (i = 0; i < lres->nentries; i++) {
 	entry = lres->entries[i].entry;
-	if (sudo_ldap_check_command(ld, entry, NULL) &&
-	    sudo_ldap_check_runas(ld, entry)) {
+	if (!sudo_ldap_check_runas(ld, entry))
+	    continue;
+	if (sudo_ldap_check_command(ld, entry, NULL) == true) {
 	    found = true;
 	    goto done;
 	}
diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c
index edd708460..14179fc59 100644
--- a/plugins/sudoers/sssd.c
+++ b/plugins/sudoers/sssd.c
@@ -1380,8 +1380,9 @@ sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw)
 
     for (i = 0; i < sss_result->num_rules; i++) {
 	rule = sss_result->rules + i;
-	if (sudo_sss_check_command(handle, rule, NULL) &&
-	    sudo_sss_check_runas(handle, rule)) {
+	if (!sudo_sss_check_runas(handle, rule))
+	    continue;
+	if (sudo_sss_check_command(handle, rule, NULL) == true) {
 	    found = true;
 	    goto done;
 	}