[sudo-users] RHEL WS 3 / LDAP via ssl - start_tls_s not working?
ftc at evilgeniuses.org.uk
Fri May 20 08:31:51 EDT 2005
> Unfortunately sudo 1.6.8 is not included in the RedHat WS 3 (update 3).
> What I was looking for was to have a centralized sudoers file.
> Using OpenLDAP 2.0.27-17 from RedHat to compile sudo 1.6.8p8 seems to
> work well (config.log shows: define HAVE_LDAP_START_TLS_S 1 ), but when
> I try to use it in my LDAP environment:
> LDAP Config Summary
> host myldapserver
> port 636
> ldap_version 3
> sudoers_base ou=Sudoers,dc=my,dc=domain,dc=com
> binddn (anonymous)
> bindpw (anonymous)
> ssl on
> ldap_simple_bind_s()=81 : Can't contact LDAP server
It sounds like you may be having certificate issues or even something as
simple as that slapd is not listening on port 636. Check it is started
in a way similar to:
    slapd -h 'ldap:// ldaps://'
Red Hat startup scripts seem to take care of this. You can also use:
Will tell you if anything is listening on port 636. If you do not care
about certificate verification, then you can add the following to your
ldap.conf on the client machine:
and see if it works.
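
The reply above names two possible causes for `ldap_simple_bind_s()=81`: nothing listening on port 636, or a certificate problem. The following Python probe is an added example, not part of the original post, that tells the two apart from the client machine; the function name `probe_ldaps` and its result labels are assumptions made for illustration.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=3.0):
    """Classify an ldaps:// connection attempt.

    Returns "not_listening", "cert_verify_failed",
    "tls_handshake_failed" or "ok".
    """
    # Step 1: plain TCP connect. A refusal or timeout means slapd is not
    # reachable on this port (for example, started without ldaps://).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "not_listening"

    # Step 2: TLS handshake with full certificate and hostname checks,
    # using the system trust store or the CA file supplied by the caller.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        # The port speaks TLS, but the client does not trust the
        # certificate (unknown CA, expired, or name mismatch).
        return "cert_verify_failed"
    except (ssl.SSLError, OSError):
        # Something accepted the connection but did not complete a TLS
        # handshake, e.g. a plain ldap:// listener on this port.
        return "tls_handshake_failed"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: probe.py HOST [CAFILE]
    target = sys.argv[1]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(target, probe_ldaps(target, cafile=ca))
```

A result of `cert_verify_failed` points at the client's CA configuration rather than at slapd, which is the case where fixing the trust store is preferable to turning verification off.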