[sudo-users] sudo-1.6.8p7 + ldaps + self signed vertificate

Justin Albstmeijer justin at VLAMea.com
Fri Mar 25 01:44:59 EST 2005


sudo was build against openldap on the client I'm testing on.

Please let me know if you need additional information.

Justin

> Did you build sudo against OpenLDAP or another LDAP SDK?  If you built
it against OpenLDAP, it sounds like we will need to add some
> configuration parameters that allow you to specify where your trusted
certificate signers are.
>
>  -Aaron
>
>
> On Thu, 24 Mar 2005 17:21:35 +0100 (CET), Justin Albstmeijer
> <justin at vlamea.com> wrote:
>>
>> sudo (--with ldap) works fine as long as I don't use SSL for LDAP.
>>
>> I get the same error as with ldapsearch when not setting "TLS_REQCERT
allow" in /etc/openldap/ldap.conf. Ldapsearch works fine now, but sudo
still is not working with this option set.
>>
>> Any idea?
>>
>> -------
>> TLS certificate verification: Error, self signed certificate
>> TLS trace: SSL3 alert write:fatal:unknown CA
>> TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS
trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't
connect.
>> -------
>>
>> ____________________________________________________________
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
>> http://www.sudo.ws/mailman/listinfo/sudo-users
>>
>
>







More information about the sudo-users mailing list