[sudo-users] Solaris 8 native LDAP libraries and SSL.
Fred Clausen
ftc at evilgeniuses.org.uk
Tue May 3 05:46:39 EDT 2005
Thanks for your reply Todd,
> Sudo (actually, configure) looks for the ldap_start_tls_s() function.
> If this is not present, sudo will not attempt to use ssl/tls.
I realise now that since the native Solaris 8 LDAP libraries do not
contain a function called ldap_start_tls_s() function, this will not
work and thusly ssl/tls will not be used.
However, I had a look at the default Solaris 8 LDAP header file,
/usr/include/ldap.h, and it checks to see if LDAP_SSL is defined. If
this is defined, then it includes security/ssl.h. I had a look round
for some "official" Solaris SSL SDK but all I could find was SUNWtls
already installed, it does not include header files just shared libs.
So I made a symlink /usr/include/security/ssl.h to point to
/usr/local/ssl/include/openssl/ssl.h. Then I ran configure like so:
CPPFLAGS="-DLDAP_SSL -I/usr/local/ssl/include" ./configure \
--prefix=/usr/local --sysconfdir=/usr/locale/etc \
--with-ldap-conf-file=/usr/local/etc/ldap.conf \
--with-pam --with-ldap
This did not change the behaviour, I am still testing but I thought
I would just share my findings thus far with the list.
Best regards,
Fred.
More information about the sudo-users
mailing list