[sudo-users] 1.7.0rc1 interesting tests
Todd C. Miller
Todd.Miller at courtesan.com
Mon Jun 9 10:26:32 EDT 2008
In message <484C8BC7.2030101 at mayo.edu>
so spake Patrick Spinler (spinler.patrick):
> (2) suse 9.4 ldap sudoers failure
>
> | pjs11 at mr-dzl01:~> /usr/local/bin/sudo -l
> | LDAP Config Summary
> | ===================
> | host ha-unixhead2.mayo.edu ei-unixhead2.mayo.edu
> | nssmail.mayo.edu
> | port -1
> | ldap_version 3
> | sudoers_base ou=sudoers,dc=nss,dc=mayo,dc=edu
> | binddn (anonymous)
> | bindpw (anonymous)
> | ssl start_tls
> | ===================
> | sudo: ldap_create()
> | sudo: ldap_set_option(LDAP_OPT_HOST_NAME, ha-unixhead2.mayo.edu
> | ei-unixhead2.mayo.edu nssmail.mayo.edu)
> | sudo: ldap_set_option: debug -> 0
> | sudo: ldap_set_option: ldap_version -> 3
> | sudo: ldap_start_tls_s(): Connect error
> | Sorry, user pjs11 may not run sudo on mr-dzl01.

You might try putting the following in /etc/ldap.conf

    tls_checkpeer no

and see if that makes any difference. Unfortunately, OpenLDAP
error messages are not terribly informative.

- todd
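
A follow-up check for the test suggested above, as an added example that is not part of the original message: it reports whether an ldap.conf still has peer verification switched off and whether any CA entry is present for start_tls. The function name and the sample file are assumptions made for illustration; the tls_cacert, tls_cacertfile and tls_cacertdir keywords are sudo LDAP configuration options that do not appear in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): report the TLS-related state of a
# sudo LDAP client config such as /etc/ldap.conf.

audit_ldap_tls() {
    # $1 = path to the config file; prints one finding per line
    awk '
        NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
        { key = tolower($1); val = tolower($2) }  # compare case-insensitively
        key == "ssl"           { ssl = val }
        key == "tls_checkpeer" { peer = val }     # last occurrence wins
        key ~ /^tls_cacert(file|dir)?$/ { ca = 1 }
        END {
            if (peer == "no" || peer == "off" || peer == "false")
                print "WARN tls_checkpeer is disabled: server certificate not verified"
            if (ssl == "start_tls" && !ca)
                print "INFO ssl start_tls set, no tls_cacert* entry in this file"
            if (ssl == "")
                print "INFO no ssl setting in this file"
        }
    ' "$1"
}

# Constructed sample: settings visible in the thread plus the suggested line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the poster's real file
host ha-unixhead2.mayo.edu ei-unixhead2.mayo.edu nssmail.mayo.edu
sudoers_base ou=sudoers,dc=nss,dc=mayo,dc=edu
ssl start_tls
tls_checkpeer no
EOF
audit_ldap_tls "$sample"
rm -f "$sample"
```

If the connect error disappears only with `tls_checkpeer no`, the WARN line is the reminder to configure a CA entry and turn verification back on rather than leave the test setting in place.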