[sudo-users] sudo-1.6.8p7 + ldaps + self signed certificate

Aaron Spangler aaron777 at gmail.com
Sun Jul 10 15:09:44 EDT 2005


I got to thinking about this one.

I think for whatever reason, the LDAP libraries are requiring a
certificate that they trust.  If you specify the "tls_cacertfile" that
contains the certificate of the ldap server it should solve the
problem.

P.S. Sorry for taking so long to respond to this.

 -Aaron

On 3/25/05, Justin Albstmeijer <justin at vlamea.com> wrote:
> sudo was built against openldap on the client I'm testing on.
> 
> Please let me know if you need additional information.
> 
> Justin
> 
> > Did you build sudo against OpenLDAP or another LDAP SDK?  If you built
> > it against OpenLDAP, it sounds like we will need to add some
> > configuration parameters that allow you to specify where your trusted
> > certificate signers are.
> >
> >  -Aaron
> >
> >
> > On Thu, 24 Mar 2005 17:21:35 +0100 (CET), Justin Albstmeijer
> > <justin at vlamea.com> wrote:
> >>
> >> sudo (--with ldap) works fine as long as I don't use SSL for LDAP.
> >>
> >> I get the same error as with ldapsearch when not setting "TLS_REQCERT
> >> allow" in /etc/openldap/ldap.conf. Ldapsearch works fine now, but sudo
> >> still is not working with this option set.
> >>
> >> Any idea?
> >>
> >> -------
> >> TLS certificate verification: Error, self signed certificate
> >> TLS trace: SSL3 alert write:fatal:unknown CA
> >> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> >> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> >> TLS: can't connect.
> >> -------
> >>
> >> ____________________________________________________________
> >> sudo-users mailing list <sudo-users at sudo.ws>
> >> For list information, options, or to unsubscribe, visit:
> >> http://www.sudo.ws/mailman/listinfo/sudo-users
> >>
> >
> >
>
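The fix Aaron describes, tried out end to end, as an added example that is not from the thread or from the sudo project. It generates a throwaway self-signed certificate (a constructed stand-in for the real LDAP server's), shows that OpenSSL rejects it with the same "self signed certificate" condition the trace above reports when no trust anchor is given, shows that naming that certificate itself as the anchor makes verification pass, and prints the sudo ldap.conf fragment that does the same through tls_cacertfile instead of loosening TLS_REQCERT. The host name ldap.example.test, the sudoers_base value and the file paths are placeholders; tls_cacertfile is the key named in the reply, and uri, ssl and tls_checkpeer are the standard keys in sudo's ldap.conf.

```shell
#!/bin/sh
# Added example, not part of the thread: reproduce the "self signed
# certificate" failure with openssl, then show that pointing the verifier
# at the server's own certificate (what tls_cacertfile does for sudo)
# makes it pass. Needs only the openssl command line tool; runs offline.
set -eu

# make_self_signed DIR: write a throwaway self-signed server certificate
# and key into DIR (constructed stand-in for the real LDAP server's cert).
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/server.key" -out "$1/server.pem" >/dev/null 2>&1
}

# verify_no_anchor CERT: verify CERT against the default trust store only.
# For a self-signed cert this fails with "self signed certificate", the
# same condition the ldapsearch/sudo trace in the thread reports.
verify_no_anchor() {
    openssl verify "$1" >/dev/null 2>&1
}

# verify_with_anchor CERT CAFILE: verify CERT using CAFILE as the trust
# anchor. Naming the self-signed cert itself as CAFILE is enough: a cert
# present in the trust store is trusted without needing a separate issuer.
verify_with_anchor() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# sudo_ldap_conf CAFILE: print the ldap.conf fragment for sudo that keeps
# peer verification on and trusts CAFILE, instead of "TLS_REQCERT allow".
# The uri and sudoers_base values are placeholders.
sudo_ldap_conf() {
    cat <<EOF
uri ldaps://ldap.example.test
sudoers_base ou=SUDOers,dc=example,dc=test
ssl on
tls_checkpeer yes
tls_cacertfile $1
EOF
}

demo() {
    dir=$(mktemp -d)
    make_self_signed "$dir"
    if verify_no_anchor "$dir/server.pem"; then
        echo "unexpected: verified without a trust anchor"
    else
        echo "without an anchor: rejected (self signed certificate)"
    fi
    if verify_with_anchor "$dir/server.pem" "$dir/server.pem"; then
        echo "with the cert as tls_cacertfile: OK"
    fi
    echo "--- /etc/ldap.conf fragment for sudo ---"
    sudo_ldap_conf "$dir/server.pem"
    rm -rf "$dir"
}

demo
```

In production the file named by tls_cacertfile would be the CA certificate that signed the server's certificate, or the server's own certificate when it is self-signed as here; either way the peer check stays on, which "TLS_REQCERT allow" would have switched off for every LDAP client on the box.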