[sudo-users] SUDO SSL LDAP error
Eric Freeman
eric.freeman at tbwachiat.com
Mon May 17 10:35:49 EDT 2010
I am running RHEN 5.5. I have LDAP authentication working. I am able to ssh
into the server with my LDAP credentials. Our LDAP server is set up
correctly because we have other systems using SUDO and LDAP working.
When I turn off ssl I am able to use sudo to authenticate to LDAP and have it
work.
Please let me know if you need more information.
However, when I try to run sudo commands using SSL I get the error.

LDAP Config Summary
===================
uri ldap://xxxxx
ldap_version 3
sudoers_base ou=xxxxxx
binddn cn=xxxxxx
bindpw xxxxxx
timelimit 10
ssl start_tls
===================
sudo: ldap_initialize(ld, ldap://xxxxxxx)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 10
sudo: ldap_start_tls_s(): Connect error

more /etc/openldap/ldap.conf
BASE o=nam
TLS_REQCERT never
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://xxxx

more /etc/nsswitch.conf
sudoers: ldap files

more /etc/ldap.conf