diff --git a/changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml b/changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml
new file mode 100644
index 0000000000..cb2caa3780
--- /dev/null
+++ b/changelogs/fragments/7880-ipa-fix-sudo-and-hbcalrule-idempotence.yml
@@ -0,0 +1,3 @@
+bugfixes:
+  - ipa_sudorule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
+  - ipa_hbacrule - the module uses a string for ``ipaenabledflag`` for new FreeIPA versions while the returned value is a boolean (https://github.com/ansible-collections/community.general/pull/7880).
diff --git a/plugins/modules/ipa_hbacrule.py b/plugins/modules/ipa_hbacrule.py
index b7633262b6..77a4d0d487 100644
--- a/plugins/modules/ipa_hbacrule.py
+++ b/plugins/modules/ipa_hbacrule.py
@@ -161,6 +161,7 @@ import traceback
 from ansible.module_utils.basic import AnsibleModule
 from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec
 from ansible.module_utils.common.text.converters import to_native
+from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
 
 class HBACRuleIPAClient(IPAClient):
@@ -231,10 +232,17 @@ def ensure(module, client):
     name = module.params['cn']
     state = module.params['state']
 
+    ipa_version = client.get_ipa_version()
     if state in ['present', 'enabled']:
-        ipaenabledflag = 'TRUE'
+        if LooseVersion(ipa_version) < LooseVersion('4.9.10'):
+            ipaenabledflag = 'TRUE'
+        else:
+            ipaenabledflag = True
     else:
-        ipaenabledflag = 'FALSE'
+        if LooseVersion(ipa_version) < LooseVersion('4.9.10'):
+            ipaenabledflag = 'FALSE'
+        else:
+            ipaenabledflag = False
 
     host = module.params['host']
     hostcategory = module.params['hostcategory']
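Review bot: `ipa_version` is passed straight to `LooseVersion(...)` in both branches with no check on what `client.get_ipa_version()` returned. That helper is defined outside this diff, so confirm it can never return `None` and that it yields every digit of the patch component. A value truncated to `4.9.1` would compare below `4.9.10` and keep the string form against a server that reports booleans, which would presumably leave the rule's enabled state non-idempotent. A guard before the comparison, such as `if ipa_version is None: module.fail_json(msg='Unable to determine the FreeIPA server version')`, would make that failure explicit instead of surfacing as a comparison error. The same applies to the `ensure` hunk in `plugins/modules/ipa_sudorule.py`; `ensure` continues outside both hunks.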
diff --git a/plugins/modules/ipa_sudorule.py b/plugins/modules/ipa_sudorule.py
index 4f00e88059..223f6b6de7 100644
--- a/plugins/modules/ipa_sudorule.py
+++ b/plugins/modules/ipa_sudorule.py
@@ -202,6 +202,7 @@ import traceback
 from ansible.module_utils.basic import AnsibleModule
 from ansible_collections.community.general.plugins.module_utils.ipa import IPAClient, ipa_argument_spec
 from ansible.module_utils.common.text.converters import to_native
+from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
 
 
 class SudoRuleIPAClient(IPAClient):
@@ -334,10 +335,17 @@ def ensure(module, client):
     runasgroupcategory = module.params['runasgroupcategory']
     runasextusers = module.params['runasextusers']
 
+    ipa_version = client.get_ipa_version()
     if state in ['present', 'enabled']:
-        ipaenabledflag = 'TRUE'
+        if LooseVersion(ipa_version) < LooseVersion('4.9.10'):
+            ipaenabledflag = 'TRUE'
+        else:
+            ipaenabledflag = True
     else:
-        ipaenabledflag = 'FALSE'
+        if LooseVersion(ipa_version) < LooseVersion('4.9.10'):
+            ipaenabledflag = 'FALSE'
+        else:
+            ipaenabledflag = False
 
     sudoopt = module.params['sudoopt']
     user = module.params['user']
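Review bot: The `LooseVersion(ipa_version) < LooseVersion('4.9.10')` test is written out in both branches here and again in `plugins/modules/ipa_hbacrule.py`, so the threshold literal appears four times with no comment saying why it matters. Computing it once reads more clearly and keeps the two modules from drifting apart: `use_bool = LooseVersion(ipa_version) >= LooseVersion('4.9.10')`, `enabled = state in ['present', 'enabled']`, `ipaenabledflag = enabled if use_bool else ('TRUE' if enabled else 'FALSE')`. A one-line comment above it should record that newer FreeIPA servers return `ipaenabledflag` as a boolean while older ones return `'TRUE'`/`'FALSE'`, since this flag decides whether the sudo rule is active. Since both modules import from `module_utils.ipa`, the check could also live there as a shared helper. `ensure` continues outside the hunk.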