[sudo-users] RHEL WS 3 / LDAP via ssl - start_tls_s not working?

Fred Clausen ftc at evilgeniuses.org.uk
Fri May 20 08:31:51 EDT 2005

Hi All,

> Unfortunately sudo 1.6.8 is not included in the RedHat WS 3 (update 3).
> What I was looking for was to have a centralized sudoers file.
> Using OpenLDAP 2.0.27-17 from RedHat to compile sudo 1.6.8p8 seems to
> work well (config.log shows: define HAVE_LDAP_START_TLS_S 1 ), but when
> I try to use it in my LDAP environment:
> LDAP Config Summary
> ===================
> host         myldapserver
> port         636
> ldap_version 3
> sudoers_base ou=Sudoers,dc=my,dc=domain,dc=com
> binddn       (anonymous)
> bindpw       (anonymous)
> ssl          on
> ===================
> ldap_init(myldapserver,636)
> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
> ldap_simple_bind_s()=81 : Can't contact LDAP server

It sounds like you may be having certificate issues or even something as
simple as that slapd is not listening on port 636. Check it is started
in a way similar to:

slapd -h 'ldap:// ldaps://'

Red Hat startup scripts seem to take care of this. You can also use:

netstat -tnlp

Will tell you if anything is listening on port 636. If you do not care
about certificate verification, then you can add the following to your
ldap.conf on the client machine:

tls_checkpeer no

and see if it works.



More information about the sudo-users mailing list