[sudo-users] Solaris 8 native LDAP libraries and SSL.

Fred Clausen ftc at evilgeniuses.org.uk
Tue May 3 05:46:39 EDT 2005

Thanks for your reply Todd,

> Sudo (actually, configure) looks for the ldap_start_tls_s() function.
> If this is not present, sudo will not attempt to use ssl/tls.

I realise now that since the native Solaris 8 LDAP libraries do not 
contain a function called ldap_start_tls_s() function, this will not 
work and thusly ssl/tls will not be used.

However, I had a look at the default Solaris 8 LDAP header file, 
/usr/include/ldap.h, and it checks to see if LDAP_SSL is defined. If
this is defined, then it includes security/ssl.h. I had a look round
for some "official" Solaris SSL SDK but all I could find was SUNWtls
already installed, it does not include header files just shared libs.

So I made a symlink /usr/include/security/ssl.h to point to
/usr/local/ssl/include/openssl/ssl.h. Then I ran configure like so:

CPPFLAGS="-DLDAP_SSL -I/usr/local/ssl/include" ./configure \
--prefix=/usr/local --sysconfdir=/usr/locale/etc \
--with-ldap-conf-file=/usr/local/etc/ldap.conf \
--with-pam --with-ldap

This did not change the behaviour, I am still testing but I thought
I would just share my findings thus far with the list.

Best regards,


More information about the sudo-users mailing list